How to Remove the Vyveva Backdoor Trojan

The Vyveva Backdoor Trojan is a malicious piece of software whose development and usage is attributed to the Advanced Persistent Threat (APT) actor known as Lazarus. The Lazarus APT is behind some of the most notorious cybercrime campaigns in the past years, such as the Sony Pictures hack, as well as their frequent attacks against South Korea-based companies and entities. There is a strong suspicion that Lazarus is a state-sponsored organization operating from North Korea.

The Vyveva Backdoor Trojan is by no means a new threat, but its infection rate has spiked recently, which is likely to be the result of a new attack campaign being carried out by the Lazarus APT hackers. The malware was first spotted in 2017, and it currently appears to be used against South African companies involved in the transportation and logistics businesses.

The Vyveva Backdoor Trojan features several components, which are meant to help it conceal its files and gain persistence. The latter task is accomplished by creating a new, fake Windows Service, which is configured to start automatically whenever the system boots up. Once active, the Vyveva Backdoor Trojan connects to a remote control server and listens for new instructions actively. The malicious operators are able to execute a large number of pre-defined commands, which enable them to:

  • Modify and saved files.
  • Get information about drive partition configuration and contents.
  • Upload files or folders to the control server.
  • List folder files.
  • Manage running processes.
  • Self-destruct.

The Vyveva Backdoor Trojan is also able to execute several other specialized tasks that are meant to help avoid detection, ensure persistence, and more. The Lazarus APT's recent campaign expands the reach of the hackers even further, as this is one of their first campaigns to target the South Africa region. Despite the advanced malware that the Lazarus APT hackers use, their attacks are still mitigable with the use of a reputable anti-malware software suite.

By Ruik
April 9, 2021
Malware
English
April 9, 2021
Malware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Malware

How to Remove FoundCore Malware

FoundCore Malware is an old, but newly identified malware family, which is being used and developed by an Advanced Persistent Threat (APT) group tracked under the alias APT27 (also known as Cycldek or Goblin Panda.)... Read more

April 7, 2021
Malware

How to Remove FlixOnline Malware

Cybercriminals are using a fake promotional offer for Netflix, to propagate a new piece of Android malware. The corrupted Android application, dubbed FlixOnline, is promoted through emails, advertisements, and... Read more

April 8, 2021
Malware

How to Remove Janeleiro

Banking Trojans are the preferred malware by cybercriminals in Latin America. Typically, these threats are very active in Brazil and the surrounding countries, and Janeleiro fits this exact profile. This banking... Read more

April 7, 2021
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.