Iranian Trojan Keylogger Enters via Backdoor

Security researchers Christiaan Beek and Ankit Anubhav of McAfee Labs have traced a new Trojan keylogger, named Marmoolak, on a Middle Eastern forum, where it is intended to attack other users of the forum.

According to the research, the Marmoolak Trojan is part of an Advanced Persistent Threat (APT) attack kill chain, as in the APT model described by Lockheed Martin.

Marmoolak is the Persian word for lizard. Once installed on a victim's computer, the Trojan logs the user's keystrokes, capturing all credentials and links, then builds an encrypted log and sends it to the email address [email protected]. Iranian hackers use .tk domains to host malware, illegal software and movies.

To prevent detection at runtime, the Iranian Marmoolak keylogger uses a modified version of the UPX executable packer, which is available to download for free on sourceforge.net. The sample has the MD5 hash “F09D2C65F0B6AD55593405A5FD3A7D91”.
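For defenders, a triage check built on the two details above (the MD5 hash and the UPX packing) can look like the following. This is an added example, not code from McAfee Labs or the original article; the function names, the entropy threshold and the PE-shaped sample bytes are assumptions constructed for illustration.

```python
import hashlib, math, struct
from collections import Counter

# MD5 quoted in the article; every other name here is an assumption of this example.
MARMOOLAK_MD5 = "f09d2c65f0b6ad55593405a5fd3a7d91"

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (close to 8.0 for packed or encrypted data)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(data: bytes):
    """Return [(name, raw_bytes)] for a PE image, or [] if the header is not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return []
    nsec = struct.unpack_from("<H", data, pe + 6)[0]      # NumberOfSections
    table = pe + 24 + struct.unpack_from("<H", data, pe + 20)[0]
    out = []
    for off in range(table, table + 40 * nsec, 40):
        if off + 40 > len(data):
            break
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        size, ptr = struct.unpack_from("<II", data, off + 16)  # raw size, raw offset
        out.append((name, data[ptr:ptr + size]))
    return out

def triage(data: bytes, ioc_md5: str = MARMOOLAK_MD5):
    """Return a list of findings for one file's bytes."""
    findings = []
    if hashlib.md5(data).hexdigest() == ioc_md5.lower():
        findings.append("md5-match")
    sections = pe_sections(data)
    if any(n.upper().startswith("UPX") for n, _ in sections):
        findings.append("upx-section-name")
    # A modified UPX can rename its sections, so also flag near-random section data.
    if any(len(raw) >= 1024 and entropy(raw) > 7.2 for _, raw in sections):
        findings.append("high-entropy-section")
    return findings

def constructed_sample(section_name: bytes = b"UPX1") -> bytes:
    """Constructed, harmless PE-shaped bytes: headers plus one pseudo-random section."""
    body = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sec = section_name.ljust(8, b"\0") + struct.pack("<IIII", len(body), 0x1000, len(body), 128) + b"\0" * 16
    return dos + coff + sec + body
```

A hash match identifies only the exact file the article describes; the section-name and entropy findings are heuristics that also fire on legitimately packed software, so they are a prompt for closer analysis rather than a verdict.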
