malware warning

The ‘sLoad’ malware was discovered back in 2018.

It delivers various Trojans to the infected computers, including but not limited to the banking Trojans Ramnit, Gootkit and Ursnif.

One of the most important characteristics of ‘sLoad’ is its ability to gather information about an infected computer before delivering its malicious payload.

This malware may collect information about the processes running on the infected machines, the existence of Citrix-related files and the existence of Outlook.

In January 2020, Microsoft published an article informing the general public about a new version of ‘sLoad’.

Microsoft called the new version Starslord 2.0. In addition to the basic functionality of ‘sLoad’, this advanced version includes new features which make it more dangerous than its predecessor.

Similarly to ‘sLoad’, the operation of Starslord 2.0 can be divided into four stages:

  • infecting Windows systems,
  • collecting information about the infected systems,
  • sending all collected information to a command-and-control server, and
  • upon request of the malware creators, installing specific malware on the infected computers.

The new features of Starslord 2.0

The new Starslord 2.0 differs from ‘sLoad’ in three aspects:

  1. it has a new tracking feature providing information about the stage of the infection process,
  2. it uses WSF scripts instead of VB scripts during the infection process, and
  3. it includes an anti-analysis trap.

So what should you know about them?

The tracking features can only be seen as revolutionary.

It is the first malware that can track and group infected machines on the basis of their stage of infection.

With this feature, the operators of Starslord 2.0 are able to customize the commands they send in accordance with the stage of the infection of the targeted machines.

  • The anti-analysis trap included in Starslord 2.0 allows the creators to identify the hosts of security researchers, build profiles of them and avoid sending malicious payloads to those hosts. This function is called ‘checkUniverse’.
  • The tracking functionality, together with the anti-analysis trap, makes this malware a dangerous tool in the hands of fraudsters providing pay-per-install malware services.
  • The term “pay-per-install”, in the context of malware, refers to receiving payment for each successful installation of a specific malware application.

The best measures to identify and avoid your computer being infected with Starslord 2.0 need to include complex behaviour-based machine learning processes.
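As an added illustration of what a behaviour-based check can look like (this is example code written for this page, not code from the original post or from Microsoft's analysis), the Python snippet below runs a small triage rule over constructed process-creation events: it flags a Windows script host that launches a .wsf file from a user-writable directory and then spawns reconnaissance commands such as a process listing or a directory check. The log format, field names, list of reconnaissance tools and alert threshold are all assumptions made for the example; they are not indicators taken from Starslord 2.0 samples.

```python
"""Behaviour-based triage of script-host activity (constructed example).

Event format, tool list and threshold are assumptions for illustration,
not indicators extracted from Starslord 2.0.
"""
import re
from collections import defaultdict

# Constructed process-creation events, one per line:
# "<timestamp> host=<host> pid=<pid> ppid=<ppid> image=<exe> cmd=<cmdline>"
SAMPLE_EVENTS = """\
2020-01-21T09:00:01 host=ws01 pid=4120 ppid=3900 image=C:\\Windows\\System32\\wscript.exe cmd=wscript.exe //B C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.wsf
2020-01-21T09:00:02 host=ws01 pid=4130 ppid=4120 image=C:\\Windows\\System32\\tasklist.exe cmd=tasklist /v
2020-01-21T09:00:03 host=ws01 pid=4131 ppid=4120 image=C:\\Windows\\System32\\cmd.exe cmd=cmd /c dir "C:\\Program Files\\Citrix"
2020-01-21T09:05:00 host=ws02 pid=5100 ppid=5000 image=C:\\Windows\\System32\\wscript.exe cmd=wscript.exe C:\\Scripts\\logon.wsf
2020-01-21T09:05:01 host=ws02 pid=5110 ppid=5000 image=C:\\Windows\\explorer.exe cmd=explorer.exe
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) "
    r"image=(?P<image>\S+) cmd=(?P<cmd>.*)$"
)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumed set of host-reconnaissance binaries for this example.
RECON_TOOLS = {"tasklist.exe", "systeminfo.exe", "whoami.exe", "reg.exe"}
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.IGNORECASE)


def parse_events(text):
    """Parse the constructed line format into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["pid"] = int(ev["pid"])
        ev["ppid"] = int(ev["ppid"])
        ev["basename"] = ev["image"].rsplit("\\", 1)[-1].lower()
        events.append(ev)
    return events


def is_recon(ev):
    """True for a known recon tool, or cmd.exe used to list a directory."""
    if ev["basename"] in RECON_TOOLS:
        return True
    return ev["basename"] == "cmd.exe" and re.search(r"\bdir\b", ev["cmd"], re.IGNORECASE) is not None


def triage(text, threshold=2):
    """Return findings for script hosts whose combined indicators reach `threshold`."""
    events = parse_events(text)
    children = defaultdict(list)
    for ev in events:
        children[(ev["host"], ev["ppid"])].append(ev)

    findings = []
    for ev in events:
        if ev["basename"] not in SCRIPT_HOSTS:
            continue
        reasons = []
        # Indicator 1: a .wsf stager started from a user-writable location.
        if ".wsf" in ev["cmd"].lower() and USER_WRITABLE.search(ev["cmd"]):
            reasons.append("wsf script launched from user-writable directory")
        # Indicator 2+: direct children that look like host reconnaissance.
        for child in children[(ev["host"], ev["pid"])]:
            if is_recon(child):
                reasons.append("recon child: " + child["cmd"])
        if len(reasons) >= threshold:
            findings.append({"host": ev["host"], "pid": ev["pid"],
                             "score": len(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['host']} pid {f['pid']} score {f['score']}")
        for r in f["reasons"]:
            print("  -", r)
```

On the constructed input, the ws01 script host is reported (a .wsf from a Temp directory plus two reconnaissance children), while the ws02 logon script, which runs from a fixed path and spawns nothing suspicious, is not. Combining several weak indicators, rather than alerting on any .wsf execution alone, is what keeps a rule like this usable on hosts where scripting is legitimate.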

To avoid costly mistakes and the risk of being infected, it is best to have the right kind of protection for your needs.

Why not contact us today and get your FREE consultation to get the best, customised help for your needs?

Contact us HERE and we will be more than happy to help.
