
Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Virus Bulletin: Keeping Up with the Stegoloader Trojan

As CYREN’s GlobalView security cloud churns through billions of pieces of information every day, our researchers are busy examining how certain threats work in order to make the whole automated system continuously smarter.


Certain threats we find represent marked “advances” in intrusion techniques. A deep dive on the mechanics of one notable recent “advance” was published today by Virus Bulletin. Lordian Mosuela, one of our anti-malware experts, walks through a new development in the notorious history of the Stegoloader trojan, which CYREN initially detected last year as W32/Gatak. The trojan is used principally as a distribution vehicle for malware that steals sensitive information or installs the scourge of the moment, ransomware.

The attention-grabbing aspect of this is a new method used to evade detection, giving us a “next gen” Stegoloader. The academic term of art for this new class of hiding technique is “digital steganography,” but we can just call it sinister and sneaky.

The article serves as another reminder that the cybercriminal enterprises behind these “products” are smart and sophisticated, and evolve their wares constantly as a market response. As Lordian notes, we are in an arms race, to which we at CYREN are applying not only massive cloud computing and big data heuristics, but some good old-fashioned sleuthing as well.
