How to Remove the Vyveva Backdoor Trojan

The Vyveva Backdoor Trojan is a malicious piece of software whose development and usage is attributed to the Advanced Persistent Threat (APT) actor known as Lazarus. The Lazarus APT is behind some of the most notorious cybercrime campaigns in the past years, such as the Sony Pictures hack, as well as their frequent attacks against South Korea-based companies and entities. There is a strong suspicion that Lazarus is a state-sponsored organization operating from North Korea.

The Vyveva Backdoor Trojan is by no means a new threat, but its infection rate has spiked recently, which is likely to be the result of a new attack campaign being carried out by the Lazarus APT hackers. The malware was first spotted in 2017, and it currently appears to be used against South African companies involved in the transportation and logistics businesses.

The Vyveva Backdoor Trojan features several components, which are meant to help it conceal its files and gain persistence. The latter task is accomplished by creating a new, fake Windows Service, which is configured to start automatically whenever the system boots up. Once active, the Vyveva Backdoor Trojan connects to a remote control server and listens for new instructions actively. The malicious operators are able to execute a large number of pre-defined commands, which enable them to:

  • Modify and saved files.
  • Get information about drive partition configuration and contents.
  • Upload files or folders to the control server.
  • List folder files.
  • Manage running processes.
  • Self-destruct.

The Vyveva Backdoor Trojan is also able to execute several other specialized tasks that are meant to help avoid detection, ensure persistence, and more. The Lazarus APT's recent campaign expands the reach of the hackers even further, as this is one of their first campaigns to target the South Africa region. Despite the advanced malware that the Lazarus APT hackers use, their attacks are still mitigable with the use of a reputable anti-malware software suite.

April 9, 2021

Leave a Reply