26 Mar

What is Gamarue?

Gamarue is a particularly pernicious malware family that is prevalent worldwide but has exceptionally high encounter rates in Asia. It is one of the most threatening pieces of malware on the internet and carries a severe alert rating from Microsoft. Although the malware is several years old, it recently resurfaced in the wake of Microsoft’s Intelligence Security Report (23), which noted that bots (like Gamarue) and botnets, easy marks, and ransomware were the core cybercrime trends of 2017.


What does it do?


Gamarue is a type of malware that lets attackers take control of individual computers, steal information and change settings. A botnet is a network of these infected computers, each of which communicates with command and control servers.


Large enough botnets can be leveraged to conduct a variety of cybercrimes. The end goal is usually an infrastructure big enough to be mined for sensitive data and monetized through extortion, advertising fraud, malware distribution and spam.


In November 2017, Microsoft coordinated the disruption of a large Gamarue bot network, the culmination of 2 years of work. The crackdown covered over 1200 IP addresses and domains, 464 distinct botnets and over 80 malware families. However, post-disruption Gamarue remains widespread, with over 23 million IP addresses connecting to the Microsoft Digital Crimes Unit (DCU) sinkhole between December 2017 and January 2018.


How does it spread?


The Gamarue bot can be purchased as a crime kit under the name “Andromeda Builder”. Gamarue crime kits include the following: (1) a bot builder that generates the malware used to infect computers, (2) a PHP-based dashboard for managing the bots, and (3) documentation on how to create a botnet. Gamarue is modular, so buyers can pay a little extra for additional functions: a keylogger at $150, a form grabber at $250 and a TeamViewer module, also at $250.


Gamarue’s core goal is to distribute other malware families. Installing other malware broadens both the scale of the botnet and its capabilities. Operators usually earn money through a “pay-per-install” scheme. Using the plugins highlighted above, they can also steal your personal information, and access to your computer can itself be sold on. The top 3 malware classes distributed by Gamarue were ransomware, trojans, and backdoors.


Why won’t AV keep me safe?


Gamarue attempts to avoid sandboxing by not infecting computers on which malware analysis tools are present. It also tampers with the operating system, disabling the firewall, updates and user account control until the malware has been removed.
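The three host protections the paragraph above says Gamarue switches off (firewall, updates, user account control) can be audited from an administrative PowerShell prompt. The script below is an added example written for this article, not code from the original post or from any Microsoft tool; it assumes Windows 8 / Server 2012 or later with PowerShell 5.1 so that Get-NetFirewallProfile and the service StartType property are available, and the function name Get-HostProtectionTamperFindings is the author's own. A non-empty result is a prompt to investigate, not proof of Gamarue, since administrators and group policy can change the same settings.

```powershell
# Added example: audit the host protections the article says Gamarue disables.
# Run from an elevated PowerShell session; registry paths and value names are
# the documented Windows locations, the function name is an assumption.
function Get-HostProtectionTamperFindings {
    $findings = @()

    # 1. Windows Firewall: every profile (Domain, Private, Public) should be enabled.
    foreach ($fwProfile in Get-NetFirewallProfile) {
        if (-not $fwProfile.Enabled) {
            $findings += [pscustomobject]@{
                Control = 'Firewall'
                Detail  = "Profile '$($fwProfile.Name)' is disabled"
            }
        }
    }

    # 2. Windows Update: the wuauserv service should exist and not be disabled,
    #    and the policy value NoAutoUpdate (1 = automatic updates off) should not be set.
    $wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if ($null -eq $wu -or $wu.StartType -eq 'Disabled') {
        $findings += [pscustomobject]@{
            Control = 'Updates'
            Detail  = 'wuauserv service is missing or has StartType Disabled'
        }
    }
    $auKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $noAuto = (Get-ItemProperty -Path $auKey -Name NoAutoUpdate -ErrorAction SilentlyContinue).NoAutoUpdate
    if ($noAuto -eq 1) {
        $findings += [pscustomobject]@{
            Control = 'Updates'
            Detail  = "NoAutoUpdate = 1 under $auKey"
        }
    }

    # 3. User Account Control: EnableLUA = 0 means UAC prompts are turned off.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua    = (Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($lua -eq 0) {
        $findings += [pscustomobject]@{
            Control = 'UAC'
            Detail  = "EnableLUA = 0 under $uacKey"
        }
    }

    return ,$findings   # the leading comma keeps an empty result as an array
}

$results = Get-HostProtectionTamperFindings
if ($results.Count -eq 0) {
    Write-Output 'No tamper indicators found: firewall, updates and UAC are all enabled.'
} else {
    $results | Format-Table -AutoSize
}
```

Because the malware keeps these settings off only "until the virus has been removed", the useful deployment is a scheduled run that records the output centrally, so a machine whose firewall profiles and UAC flip to disabled between two runs stands out even before an AV signature exists.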

Written by Sean Allan, Digital Marketing Manager, Aware Group