Security researchers have discovered malware that scans PCs for remote-access or remote-desktop configuration files, which indicate that software is installed that can be used to remotely control the computer.
The malware, dubbed Georbot, then steals related credential files and transmits them to attackers, providing direct access to the machines using the built-in remote access tools.
The Georbot malware's capabilities were discovered in January by security researchers at antivirus firm ESET. "One of the analysts in our virus laboratories noticed that it was communicating with a domain belonging to the Georgian government [the country in southwestern Asia, not the U.S. state] in order to retrieve updates," according to a report that ESET released Wednesday. Notably, the malware connects with that server anytime it fails to connect to its designated command-and-control server.
Other antivirus companies besides ESET had also spotted the malware, although none appeared to have taken a close look at what it was doing. Two months ago, however, ESET shared samples of Georbot with security companies, which has led to improved detection rates for the malware. Even so, the malware continues to be active, with ESET saying it saw the most recent variants launched Monday.