SoulSearcher Malware Hides in the Registry, Boasts Modular Structure
The SoulSearcher Malware is a relatively new threat recently discovered by cybersecurity researchers. The first traces of its attacks were recovered from infected systems in Southeast Asia, which appears to be the primary region in which the SoulSearcher Malware's creators operate. However, the scope of their attacks could expand or shift at any time.
The SoulSearcher Malware is very advanced, and one of its primary advantages over traditional implants is its ability to operate in fileless mode: it stores its components in the Windows Registry and then runs entirely from Random Access Memory (RAM). Furthermore, it has a modular structure, and its modules are stored and loaded in the same way. This helps the SoulSearcher Malware evade some security tools, but you should still be protected from its attack as long as you are using an up-to-date anti-malware service.
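A defender-side way to look for registry-resident payloads like the one described above is to enumerate registry values and flag those that are unusually large and high-entropy, which is what packed or encrypted code stored in the registry tends to look like. The script below is an added example, not code from the original article or from any SoulSearcher analysis; the hive list, the 8 KB size threshold and the entropy cut-off are illustrative starting points, not indicators tied to this malware.

```powershell
# Added example: hunt for oversized, high-entropy REG_BINARY / REG_SZ values
# that could hold a registry-resident payload or module.
# Assumptions: run in an elevated PowerShell session on the host under review;
# thresholds and hive paths are illustrative defaults, not SoulSearcher IoCs.

function Get-ShannonEntropy {
    param([byte[]]$Bytes)
    if ($Bytes.Length -eq 0) { return 0.0 }
    $counts = New-Object int[] 256          # one bucket per byte value
    foreach ($b in $Bytes) { $counts[$b]++ }
    $entropy = 0.0
    foreach ($c in $counts) {
        if ($c -eq 0) { continue }
        $p = $c / $Bytes.Length
        $entropy -= $p * [Math]::Log($p, 2)  # bits per byte, max 8.0
    }
    return $entropy
}

function Find-SuspiciousRegistryBlobs {
    param(
        [string[]]$Hives = @('HKLM:\SOFTWARE', 'HKCU:\SOFTWARE'),
        [int]$MinBytes = 8192,
        [double]$MinEntropy = 7.0
    )
    foreach ($hive in $Hives) {
        Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            foreach ($name in $key.GetValueNames()) {
                $kind = $key.GetValueKind($name).ToString()
                $raw = $key.GetValue($name)
                # Normalise to bytes: binary values arrive as byte[], strings as text.
                $bytes = switch ($kind) {
                    'Binary' { [byte[]]$raw }
                    'String' { [Text.Encoding]::UTF8.GetBytes([string]$raw) }
                    default  { $null }
                }
                if ($null -eq $bytes -or $bytes.Length -lt $MinBytes) { continue }
                $h = Get-ShannonEntropy -Bytes $bytes
                if ($h -ge $MinEntropy) {
                    [pscustomobject]@{
                        Key = $key.Name; Value = $name; Kind = $kind
                        Bytes = $bytes.Length; Entropy = [Math]::Round($h, 2)
                    }
                }
            }
        }
    }
}

Find-SuspiciousRegistryBlobs | Sort-Object Entropy -Descending | Format-Table -AutoSize
```

A full recursive walk of HKLM:\SOFTWARE can take several minutes, and legitimate software (installers, licensing data, cached certificates) also stores large blobs, so treat hits as leads for triage rather than verdicts.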
The code of the SoulSearcher Malware shares some similarities with the Gh0st RAT, but it is not clear whether the same group of criminals is behind both threats. The SoulSearcher implant grants its operators the ability to access and manipulate the infected machine's file system, as well as to execute remote commands. It also drops a 7Zip utility in order to archive and exfiltrate data from the systems it compromises.
The so-called 'Soul' modules that the SoulSearcher Malware uses (hence its name) have virtually endless possibilities, as long as their creators manage to program them to avoid detection. Needless to say, this makes the SoulSearcher Malware an extremely dangerous threat that should not be underestimated. Thankfully, traditional anti-malware applications should have no trouble terminating this threat on the spot.