Except for the first place in the ranking, CloudEye rose practically from scratch. Just a few weeks ago, practically no one had heard of this threat; it did not even make it into the top ten most widespread viruses.
It is currently behind a quarter of all detected attacks on Windows in the Czech Republic. This beautifully illustrates the power with which cyber crooks attacked domestic users before Christmas.
According to security experts, this uninvited visitor appeared in the Czech Republic in the past, but the number of attacks was so low that virtually no one paid attention to it.
It’s not good news
“Malicious code, which we refer to as CloudEye, is not new in the Czech Republic. However, we have not seen it to such an extent in our environment,” said Martin Jirkal, head of the analytical team at the Prague research branch of the antivirus company Eset.
In addition, in the past, this intruder appeared more often abroad. “The presence of this malicious code in the Czech Republic is not good news,” Jirkal did not hide his worries about the new threat.
“Once again, this shows us that the attackers want to make the most of the current period before the end of the year to their advantage,” stated the security expert. He alluded to the fact that together with the Christmas holidays, the attack season peaks – cybercriminals take advantage of the fact that people are far less cautious in the pre-Christmas rush and let themselves be caught in tricks that they wouldn’t fall for in other parts of the year.
CloudEye is a very sophisticated malicious code. “It is adapted so that it is not so easy to analyze. Its primary function is to download other malicious codes to the device. In the Czech Republic, it has always been mainly infostealers Agent Tesla and Formbook, which also appeared at the top of our statistics in November,” Jirkal added.
Windows backdoor
CloudEye actually opens a backdoor into the Windows operating system through which attackers can spread other malicious code.
This uninvited visitor is most often spread through spam emails. Users drop it into their machine themselves if they open the attachment. “The intercepted attacks were adapted to Czech users,” the security expert emphasized.
The fake emails pretended to be reviews, order summaries and contracts. According to him, we could most often come across this malware when launching the e-mail attachment “PO_54333677011_678978687_Zádná recenze.vbs”. The attackers then passed off the email itself as a summary of the order. The attachments “Contract-pdf.js” or “NV11036587-, Predpis_pojistne_smlouvy_c_3268222706.bat” also appeared.
As can be seen from the lines above, the key is to carefully monitor which attachments we open. In the case of unsolicited e-mails, we should never open them and rather delete them straight away.
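The attachment names quoted above all end in a script extension that Windows runs on double-click, and one of them puts "pdf" in the name to look like a document. The following check for a mail filter is an added example, not code from the article or from Eset; the function names, the extensions beyond .vbs, .js and .bat, and the sample messages are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Script types Windows runs on double-click; the article names .vbs, .js and .bat.
# The other entries are an assumption about what a filter would also block.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd"}
# Document words a lure puts in the name so a script looks like paperwork.
DOCUMENT_HINTS = ("pdf", "doc", "xls")


def risky_attachments(msg):
    """Return (filename, reasons) for each attachment that should be quarantined."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        lowered = name.lower()
        ext = PurePosixPath(lowered).suffix
        if ext not in SCRIPT_EXTENSIONS:
            continue
        reasons = ["script extension " + ext]
        stem = lowered[: -len(ext)]
        if any(hint in stem for hint in DOCUMENT_HINTS):
            reasons.append("name imitates a document")
        findings.append((name, reasons))
    return findings


def build_message(filename):
    """Constructed sample mail with one attachment of harmless placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Order summary"
    msg.set_content("Please see the attached file.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    for sample in ("Contract-pdf.js", "invoice.pdf"):
        print(sample, risky_attachments(build_message(sample)))
```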
Agent Tesla and Formbook
In the past, the aforementioned malicious codes Agent Tesla and Formbook were also widely spread in the Czech Republic via unsolicited e-mails. As can be seen from the lines above, the attackers have now changed their tactics and are sneaking these viruses into other people's machines via the CloudEye Trojan.
Agent Tesla is so-called spyware. This is malicious code that spies on the computer: it tries to stay hidden as long as possible in order to steal user data undetected.
“The biggest risk is spyware for passwords that we store in Internet browsers. Web browsers are not sufficiently protected against spyware attacks. Attackers then profit from monetizing the data obtained in this way, selling the login data themselves, or from the ransom for making services available again,” warned Jirkal.
FormBook will do almost exactly the same mischief as Agent Tesla on your computer. This threat should not be underestimated either.
How to defend PCs and mobiles against hackers?
Hackers are always looking for new ways to get into people’s computers. At the same time, they are increasingly trying to sneak malicious code into mobile phones and tablets.
Cybercriminals try to get into mobile devices in practically the same way as into classic computers. They look for bugs in various applications and operating systems that would allow them to sneak an intruder into someone else's device.
Hackers also rely on users underestimating the risks. Practically everyone runs an antivirus program on classic computers, but this is not the case with mobile phones and tablets. So nothing stands in the way of computer hackers. We will advise you on how to protect individual devices.
