Versatility is the hallmark of any technology and a new piece of malware fills that bill as it can steal information, launch distributed denial-of-service (DDoS) attacks, and act as a SOCKS proxy server, researchers said.
Developers of the Napolar malware started advertising the Trojan in around May 2013, but the malware became active at the end of July, said researchers at ESET and Avast.
The main areas hit so far have been in South and Central America, in countries such as Colombia, Venezuela, Peru, Argentina, and Mexico. However, there are other victims in Poland, the Philippines and Vietnam.
Napolar is undergoing a marketing push on a professional-looking website where its developer named it Solarbot and sells each build for $200, the researchers said.
The Solarbot website, the researchers said, explain the threat has been developed in Lazarus IDE for Free Pascal. The malware is capable of launching various types of DDoS attacks; grab HTTP, HTTPS and SPDY form data from Internet Explorer, Chrome and Firefox; and steal POP3 and FTP login credentials from most email and FTP clients.
Researchers said Napolar distributes via Facebook as files entitled something like “Photo_032.JPG_www.facebook.com.exe.” When the file ends up executed, the victim sees several images of attractive young ladies. In the meantime, the Trojan downloader steps into play.
“Since malware has the ability to steal Facebook credentials, its operator can reuse those credentials to send messages from compromised accounts and try to infect the victim’s friends,” said ESET Security Intelligence Program Manager Pierre-Marc Bureau.