Predator the Thief

Predator the Thief, also known as Trojan.Predator.A, is a dangerous infection that targets vulnerable Windows operating systems and their careless users. According to our malware researchers, this dangerous threat is likely to exploit spam emails and vulnerabilities to drop the infection seamlessly. Once in, it can gather extremely sensitive information, as well as general information about the computer, the operating system, and its user. While this information is unlikely to have an impact on the victim’s security, if cybercriminals obtain sensitive information, identity theft can be performed, and that opens up doors to all kinds of attacks. Without a doubt, if you have found out that you need to remove Predator the Thief from your Windows operating system, you need to take care of it as soon as possible. If you are still not sure about it, install a legitimate malware scanner right away. If this scanner is reliable, you will be warned about all active infections.

It appears that the malicious Predator the Thief has been active since July 2018. Unfortunately, this info-stealing malware is sold to anyone who is willing to pay, and that means that there are multiple different versions of it. While the basic functionality stays the same, the attackers behind the infection could add to it or change some things around. For example, while the initial versions of this malware were usually dropped to %TEMP% and %APPDATA% directories, the later versions became fileless, making them even more clandestine and hard to uncover. In most cases, however, this infection was spread using misleading messages via email. Fake documents and archives attached to these messages looked harmless, but if they were opened, Predator the Thief was executed silently. It was also found that a WinRAR vulnerability (CVE-2018-20250) was used to aid the execution of the infection. If the vulnerability was patched with an appropriate update, if the victim was not fooled by the misleading message, and if the system was protected by reliable anti-malware software, the Trojan would not stand a chance. Unfortunately, Windows users continue to be careless.

Once in, Predator the Thief does not waste any time. Down to its core, it is an info-stealer, and so that is what it does best. As we mentioned already, this malicious Trojan can record basic information about the system and the computer, including the version of the operating system or its user’s name. Of course, it can be much more intrusive than that. Unfortunately, it can steal information from files. Specifically, it goes after files with .doc, .docx, .log, and .txt extensions. It also collects data stored within browsers, which include Chromium, Chrome, Firefox, Opera, Torch, and many others. Predator the Thief even steals cookies, which might include login credentials, browsing preferences, and other sensitive information. It was found that the Trojan also looks for Steam and Discord logins specifically, and it can obtain data from the cache files of Telegram. Digital wallets, such as Bitcoin, Bytecoin, Electrum, or Ethereum, are not safe either. The infection does not ignore Filezilla and WinFTP software files too. Finally, it can gather any kind of information by capturing screenshots and, potentially, video recorded using connected webcams. All information is sent to a C&C server for cybercriminals to access.

Although deleting Predator the Thief manually might be challenging, an automated anti-malware tool will have no trouble eliminating this malicious threat. Considering that you need reliable Windows protection that such a tool can provide, you should not hesitate to take this route. Of course, while you can solve the removal issue quite easily, if your virtual security was jeopardized, you could continue experiencing aftershocks of this attack for a long time. Without a doubt, you need to make sure that all of your virtual accounts are safe, and that means that changing passwords should be your number-one priority. Do this only after you are 100% sure that your operating system is free from malware. If you change your passwords before fully removing Predator the Thief, new passwords could be recorded as well. Once you secure all of your accounts, beware of any attacks that you could face in the future. For example, cybercriminals could send you emails containing personal information to terrorize or scam you again.

Predator the Thief Removal

1. Simultaneously tap Win+E keys to launch Windows Explorer.
2. Into the quick access filed at the top, enter %TEMP% to access the directory.
3. Tap Ctrl+A keys to select all items and then tap Delete.
4. Enter %APPDATA% into the quick access field.
5. Delete any files and folders that you can associate with malware (do not remove harmless data!).
6. Once you Empty Recycle Bin, scan your system for leftovers using a legitimate malware scanner.