Blog | G5 Cyber Security

Plurox: Modular backdoor

Backdoor.Win32.Plurox is modular, which means that its functionality can be expanded with plugins. The backdoor communicates with the C&C server over TCP; plugins are loaded and interfaced via two different ports. Depending on the particular system configuration, the malware can install one of several cryptocurrency miners on the victim computer. The Plurox family has virtually no encryption: only a few 4-byte keys are applied for the regular XOR cipher. A successful attack will help cybercriminals gain a foothold in the network.

Source: https://securelist.com/plurox-modular-backdoor/91213/
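
To show why a repeating 4-byte XOR key gives analysts little resistance when decoding captured traffic, here is an added example (not code from the original article or from the malware) that recovers such a key by per-position byte frequency. The message layout, field values and key are constructed for illustration and are not Plurox's actual protocol; the method assumes 0x00 is the most common plaintext byte at each key position.

```python
import struct
from collections import Counter
from itertools import cycle

KEY_LEN = 4  # key size stated in the article


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Apply a repeating-key XOR (the same call encodes and decodes)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, likely_plain: int = 0x00) -> bytes:
    """Guess each key byte from the most frequent ciphertext byte in its column.

    Assumes the most common plaintext byte at every key position is
    `likely_plain` (0x00 for zero-padded binary messages).
    """
    if len(ciphertext) < KEY_LEN:
        raise ValueError("need at least one full key-length block")
    key = bytearray()
    for pos in range(KEY_LEN):
        column = ciphertext[pos::KEY_LEN]  # every byte XORed with key[pos]
        top_byte, _count = Counter(column).most_common(1)[0]
        key.append(top_byte ^ likely_plain)
    return bytes(key)


# Constructed sample: three little-endian integers followed by a
# zero-padded 32-byte name field. Not the real Plurox message format.
SAMPLE_PLAIN = struct.pack("<III", 1, 2, 64) + b"WORKSTATION-01".ljust(32, b"\x00")
SAMPLE_KEY = bytes.fromhex("a1b2c3d4")  # constructed key, not from any sample
SAMPLE_CIPHER = xor_repeat(SAMPLE_PLAIN, SAMPLE_KEY)

if __name__ == "__main__":
    guessed = recover_key(SAMPLE_CIPHER)
    print("recovered key:", guessed.hex())
    print("decoded:", xor_repeat(SAMPLE_CIPHER, guessed))
```

A single 44-byte message is enough here because padding dominates every key column; with less padding, the same function can be run over several captured messages concatenated at 4-byte alignment.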
