New remote access Trojan Trochilus used in cyberespionage operations
A cyberespionage group has been discovered using a new remote access Trojan, dubbed Trochilus, whose detection rate was very low among antivirus products.
The malware was discovered by researchers from Arbor Networks while investigating attacks in Myanmar that were launched from compromised government websites.
The researchers linked the compromises to a sophisticated group of attackers known as Group 27, who are known to use different malware programs in their operations, some with overlapping capabilities.
Arbor Networks has uncovered seven malware programs used by the group so far, including three remote access Trojans: PlugX, 9002, and the new Trochilus.