Vulnerable computer systems and applications:
Matsnu is malicious software (a Trojan) that often reaches users' devices via spam emails. On an infected device the malware performs the following activity:
- Copies itself to several operating system directories;
- Modifies system registry keys;
- Connects to a remote C&C (Command & Control) server, thus opening a backdoor;
- Sends device information to the C&C server.
An attacker who uses the backdoor opened by Matsnu can send commands to the device and so gain full control of the device and its files.
- Disable the malicious trojan process;
- Check the values of these registry entries containing the malicious files generated by Matsnu:
- Delete specified malicious files and these entries;
- Restore the owner of the entry:
Software\Microsoft\Windows NT\CurrentVersion\Winlogon (HKEY_CURRENT_USER)
- Perform a full system scan with an antivirus program.
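
A read-only check to support the registry steps above, given as an added PowerShell example that is not part of the original advisory: it prints the owner and access rules of the HKEY_CURRENT_USER Winlogon key, lists every value under it, and checks the Authenticode signature of any file a value points to. The file-extension pattern is an assumption of this example; the advisory's own list of entries and file names is not reproduced here.

```powershell
# Added example: read-only audit of the per-user Winlogon key (changes nothing).
$keyPath = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

if (-not (Test-Path -LiteralPath $keyPath)) {
    Write-Output "Key not found: $keyPath"
    return
}

# Ownership and access rules, to compare against a known-clean user profile.
$acl = Get-Acl -LiteralPath $keyPath
$me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Output "Owner: $($acl.Owner)   (running as: $me)"
$acl.Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# Assumption of this example: values of interest point at files with these extensions.
$filePattern = '[A-Za-z]:\\[^"<>|*?,]+?\.(exe|dll|scr|com|bat|cmd)'

$key = Get-Item -LiteralPath $keyPath
$report = foreach ($name in $key.GetValueNames()) {
    $raw      = [string]$key.GetValue($name)
    $expanded = [Environment]::ExpandEnvironmentVariables($raw)
    $match    = [regex]::Match($expanded, $filePattern, 'IgnoreCase')

    $file = $null; $exists = $null; $signature = $null
    if ($match.Success) {
        $file   = $match.Value
        $exists = Test-Path -LiteralPath $file -PathType Leaf
        if ($exists) {
            # Unsigned or invalidly signed files referenced here deserve a closer look.
            $signature = (Get-AuthenticodeSignature -LiteralPath $file).Status
        }
    }

    [pscustomobject]@{
        Value     = $name
        Data      = $raw
        File      = $file
        Exists    = $exists
        Signature = $signature
    }
}
$report | Format-List
```

Run it in the affected user's session, since HKEY_CURRENT_USER is per-user, and keep the output with the incident notes before deleting any entries.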