- Slow Computer
- System crashes
- Normal system programs crash immediately
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
Datper is a threat targeted at Japanese and South Korean industries such as electric power, machinery, aviation, transportation, etc. It looks like it was developed by a group of cybercriminals who may call themselves Tick. Also, our researchers say it is likely that the hackers are from China. Their goal could be stealing sensitive information, disrupting work in targeted organizations, spreading other malware, and so on. Further in this text, we discuss the malicious application’s distribution, how it operates, and other essential details. Even though it is possible to remove Datper manually, and we display instructions showing how to do so at the end of this article, we do not recommend it for inexperienced users. It is safer to deal with such threats using a reliable antimalware tool. Usually, all you have to do is perform a full system scan and press the deletion button displayed afterward.
To begin with, Datper falls under the classification of backdoors. Such tools can be used to gain authorized or unauthorized access to systems, computers, applications, etc. Of course, in this case, we are talking about a harmful program created by hackers, which means it was designed to bypass the security measures of targeted computers and carry out malicious tasks. Our researchers say the threat uses other malware to get in, and this could be done by exploiting a targeted system’s vulnerabilities. Therefore, the best defense against such attacks is a device with no exploitable weaknesses. To achieve this, a computer’s operating system and other software installed on it should be kept up to date. Also, it is crucial to use strong passwords and security tools that can help detect suspicious activity and guard a system against various threats.
Moreover, it appears the malicious application could drop its launcher in a random directory. The research shows such files could have names that make them look legitimate, such as msupdate.exe. For example, in our case, the sample we tested created an executable file called comine.exe that appeared in the %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup location. It communicated with the following server: oonumaboat.com/cx/index.php. Datper might receive commands from this server that it then carries out. According to specialists, the malware can obtain system information, for example, the host name, the operating system’s name and version, hardware information, etc. Plus, the threat might be able to launch programs or execute shell commands, manipulate files, enter sleep mode, and configure its communication interval.
Since the malicious application can connect to the Internet without any permission, it should be able to communicate with its creator’s server as long as there is access to the Internet. Besides, it is essential to know that Datper might relaunch itself with every system restart. This means that if a victim turns off the computer, the malware might resume its work as soon as the system reboots. The threat is able to do this because of the earlier mentioned file that our tested sample created in the %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup directory upon its installation; anything placed in that folder runs automatically at every logon.
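As an added defender-side example (not code from the article or its authors), the following Python triage check is built from the indicators the article gives: the Startup-folder path used for persistence, the launcher names comine.exe and msupdate.exe, and the oonumaboat.com server. The inventory entries and proxy log lines are constructed sample data, and the "timestamp user METHOD url status" log layout is an assumption.

```python
from urllib.parse import urlparse

# Indicators as given in the article: the per-user Startup folder the sample
# wrote to, the launcher names it was seen to use, and the server it contacted.
STARTUP_DIR = r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
KNOWN_LAUNCHER_NAMES = {"comine.exe", "msupdate.exe"}
KNOWN_C2_HOSTS = {"oonumaboat.com"}

# Constructed sample data standing in for a host inventory and a proxy log.
SAMPLE_STARTUP_ENTRIES = [
    (STARTUP_DIR, "comine.exe"),
    (STARTUP_DIR, "desktop.ini"),
    (STARTUP_DIR, "updater.exe"),
    (r"C:\Tools", "msupdate.exe"),  # known name outside Startup: not flagged here
]
SAMPLE_PROXY_LINES = [
    "T1 alice GET http://oonumaboat.com/cx/index.php 200",
    "T2 alice GET https://www.example.com/ 200",
    "malformed line",
]

def check_startup_entries(entries):
    """Report executables in the Startup folder, given (directory, filename) pairs.
    Anything there runs at every logon, which is the persistence the article
    describes, so every .exe is reported and known launcher names are called out."""
    findings = []
    for directory, name in entries:
        if directory.lower() != STARTUP_DIR.lower():
            continue
        if name.lower() in KNOWN_LAUNCHER_NAMES:
            findings.append((name, "known Datper launcher name"))
        elif name.lower().endswith(".exe"):
            findings.append((name, "unexpected executable in Startup"))
    return findings

def check_proxy_log(lines):
    """Return (line_no, host) for requests to a known C2 host.
    Lines are 'timestamp user METHOD url status'; only the URL field is parsed,
    and malformed lines are skipped instead of aborting the sweep."""
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 4:
            continue
        host = (urlparse(fields[3]).hostname or "").lower()
        if host in KNOWN_C2_HOSTS:
            hits.append((number, host))
    return hits
```

Running both checks over the sample data reports comine.exe and the unknown updater.exe from the Startup folder, plus the single proxy request to the C2 host.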
As mentioned earlier, it is unlikely that Datper is targeted at regular home users, since the hackers behind it seem to be attacking Japanese and South Korean organizations from various industries. It is impossible to say what the cybercriminals’ exact goal is because the malicious application has multiple capabilities, but it could likely be used to steal sensitive information, which could be utilized for future attacks and scams. Also, the hackers may want to disrupt work in targeted organizations, as some of the backdoor’s functions suggest. There is no doubt that the faster Datper gets erased, the safer the targeted victim’s computer and the sensitive information on it will be.
Therefore, it is best not to waste any time and to eliminate the backdoor as soon as you realize it is on your system. If you think you are experienced enough, you could try using the instructions located below that explain how one could erase the malware manually. Just keep in mind that we cannot guarantee they will work, as the malicious application might have multiple versions that could work differently. On the other hand, if you do not know a lot about deleting malware, it might be best to leave this task to a reputable antimalware tool and the help of your organization’s cybersecurity experts.