Do you know what GraceWire is?
Cybersecurity specialists warn about a Trojan called GraceWire. The threat was created by a group of cybercriminals known as Evil Corp, which is responsible for a vicious banking Trojan called Zeus. The hackers managed to steal millions of dollars with their previous malicious application and now they come back with an improved threat that is better at hiding from antivirus software. Further in this article we talk more about Evil Corp as well as how GraceWire might work and how it is better than Zeus. Also, we discuss how users could eliminate this malicious application if they suspect it might be on their system. If you have any questions about the Trojan that you want to ask us, feel free to use our comments section available at the end of this page.
Before we start discussing the Trojan’s possible working manner, it is vital to talk about its distribution. Researchers say that the way GraceWire is spread is what makes it better than Zeus, the threat that was used by Evil Corp before GraceWire was developed. The new Trojan is spread via spam emails like Zeus, but unlike its predecessor, the malicious application is being spread while using HTML redirections. It means that instead of attaching a malicious file that already carries the malware, the hackers might redirect users to website from which the infected file would be downloaded. As a result, the file might not get checked by the email provider for threats. Microsoft specialists who researched the emails carrying the Trojan said that it is not yet clear if the HTML redirectors are URLs in the email texts or if they are added to the files attached to the malicious emails. One way or the other, if the malicious URL is activated, it should automatically download a malicious Excel file.
What happens if you open the malicious Excel file that downloads automatically after interacting with HTML redirectors placed on the email that is distributing GraceWire? You should be asked to enable editing and if you do so, the malicious application ought to be dropped on the system. Researchers say that other tools used by Evil Corp, such as Zeus or Dridex were banking Trojans. As for GraceWire, it appears to be an infostealer, which means the malicious application might be programmed to record various kinds of information. Since Evil Corp seems to be a financially motivated group of hackers, it is possible that the Trojan could gather banking details and other information that could help hackers steal victims’ money. It is also important to mention, that cybercriminals may target both home users and businesses. Thus, we recommend being cautious and not to open any links or attachments or click any buttons received with emails from unknown or doubtful senders.
Lastly, if you think that the Trojan could be on your system, we advise you to delete GraceWire as fast as possible. Usually, we display a removal guide that shows how to erase the discussed threat manually, but this time, the task could be too challenging. Therefore, the instructions available below explain how to delete GraceWire with a chosen antimalware tool.
Erase GraceWire
- Restart your computer in Safe Mode with Networking.
- Choose a reputable antimalware tool and install it on your computer.
- Do a full system scan and wait till it is over.
- Click the provided deletion button to remove the Trojan and other detected items.
- Restart your device.
In non-techie terms:
GraceWire is a malicious application that falls under the classification of Trojans. Such threats can enter a system without any permission and hide until they complete their tasks. Usually, such malicious applications have various capabilities. For example, they might be able to spy on victims and gather sensitive information, infect the device with more threats, copy or delete files, erase itself, and so on. However, this threat appears to be an infostealer, which means that its main purpose is probably to steal sensitive information. It is also likely that the targeted data could be victims’ baking details as this group of cybercriminals are financially motivated. Either way, it is advisable to erase it from your system as soon as possible if it gets in. As you can imagine it is difficult to delete a Trojan, which is why we advise leaving this task to a reputable antimalware tool that could erase GraceWire for you. If you need more concise instructions, you could use the removal guide that is available a bit above this paragraph.