Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
Camp BGen Rafael T Crame, Quezon City
ACG-CYBER SECURITY BULLETIN NR 166: Understanding a Trojan known as "Micropsia"
Reference Number: ACG-CSB 060619166
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
Trojan.Micropsia is one of the most vicious and perilous trojan infections that sneak into a Personal Computer (PC) secretly. It can attack almost any system that runs on a Windows-based platform. Like other trojan infections, it implants malicious code into the affected PC and browser. The sole intention of the creators of this trojan is to seize the user's access to the PC. It can make browsers and the PC run abnormally and give the user the worst browsing experience. What makes it worse is that it gathers the victims' sensitive data and exposes it to the public.
Trojan.Micropsia manages to install its malicious exploit kits by attaching itself to freeware applications. Other ways through which it enters a machine are by infecting a removable device or through Peer-to-Peer (P2P) file sharing. It was developed to create a mutual exclusion object (mutex) to hide its infectious files and symptoms from any security application. Once it has completely installed its malicious components, it traverses the system settings. Trojan.Micropsia creates its own start-up keys so that it begins executing whenever the user logs on to the system.
The ill effects of this trojan can reduce the system's efficiency. Initially, it changes the default privacy or security settings of the PC in order to take control of it. This threat is fatal because it is capable of corrupting all stored files or data by adding malignant payloads. Furthermore, the victim will find modifications in the registry entries, which help the threat load automatically after the system starts up. To increase Central Processing Unit (CPU) utilization, it creates fake processes in the Task Manager, which slow down and eventually degrade the machine. It will also interrupt attempts to install new application software and cause pre-installed programs to stop responding. Thus, it is highly recommended to remove Trojan.Micropsia completely from the system to avoid further trouble.
Trojan.Micropsia usually arrives through freeware, junk mail, visits to unsafe sites and peer-to-peer sharing of data, and sometimes it even sneaks in via social networking sites. Users may notice that certain actions on their system take longer to execute. If the system is showing slower performance, it is a major sign that the PC is infected.
Trojans are incredibly good at hiding. The whole point of their existence is that they trick users into installing them and then work behind the scenes to achieve their aim. If you fall victim, you may not even realize it until it is too late.
In this regard, the community is advised to be careful when opening emails from anonymous/unknown senders. This will go a long way in keeping malware/trojans away and preventing systems from being compromised.
The public is advised to follow these tips in order to understand the risks and avoid being victimized by the Micropsia trojan, to wit:
- Do not open a link in an email unless you are confident that it comes from a legitimate source;
- Do not download or install programs if you do not have complete trust in the publisher;
- Update your operating system’s software as soon as updates are made available from the software company. Cybercriminals tend to exploit security holes in outdated software programs;
- Do not click on pop-up windows that promise free programs; and
- Back up your files regularly.
For additional information, please refer to the following websites:
POINT OF CONTACT