Millions of malware attacks happen every single day. The attackers come from all over the world, with different motivations for doing what they do. Some malware authors attack computer systems for money. Some are politically motivated. Some just do it for kicks, while others just want to watch the world burn. Conspiracy theorists also believe that malware is written by antimalware companies so they can keep selling their products. The reasoning is simple enough: who would buy antimalware software if there were no malware attacks? That is still a topic of debate, so we'll leave it for now. One of the most dangerous kinds of malware is the kind that infiltrates your computer and steals your important data. Attacks of this kind have already put many people's lives in jeopardy and caused financial ruin.
Infostealer.Boyapki.D is an example of malware that steals information from infected computers. Technically, this malware is classified as a Trojan horse. It was first detected by IT security experts on January 28, 2016, which is quite recent. It can infect computers running Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, and Windows XP. This Trojan horse could be infecting up to thousands of computers by now.
This Trojan spreads through downloads from torrents and shady websites. Once it has entered your computer, it automatically creates the following registry entry so that it runs every time the infected computer starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ipv4" = "%System%\rundll32.exe %Temp%\[RANDOM FOLDER NAME]\[RANDOM FILE NAME].dll\,CallWindows"
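As an added check that is not part of the original write-up, the following PowerShell audits the HKLM Run key for the persistence pattern quoted above: a value whose command launches rundll32.exe against a DLL under a Temp directory, or whose value name is "ipv4". The helper name and the constructed sample string are assumptions made for this example.

```powershell
# Added example, not from the original write-up. Audits the HKLM Run key for
# entries that launch rundll32.exe with a DLL from a Temp directory.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Test-SuspiciousRunValue {
    param([string]$Name, [string]$Command)
    # rundll32 loading a DLL from a Temp path: literal %Temp% or, because the
    # registry provider expands REG_EXPAND_SZ values, an expanded ...\Temp\... path.
    $usesRundll32 = $Command -match '(?i)\brundll32(\.exe)?\b'
    $fromTemp     = $Command -match '(?i)(%temp%|\\Temp\\)'
    # The value name used by the entry described in the write-up.
    $knownName    = ($Name -eq 'ipv4')
    return (($usesRundll32 -and $fromTemp) -or $knownName)
}

# Constructed sample mirroring the quoted entry; placeholders are kept verbatim.
$sample = '%System%\rundll32.exe %Temp%\[RANDOM FOLDER NAME]\[RANDOM FILE NAME].dll,CallWindows'
if (-not (Test-SuspiciousRunValue -Name 'ipv4' -Command $sample)) {
    throw 'Self-check failed: the quoted entry should be flagged'
}

$findings = @()
$props = Get-ItemProperty -Path $runKey -ErrorAction Stop
foreach ($p in $props.PSObject.Properties) {
    # Skip the provider metadata properties (PSPath, PSParentPath, ...).
    if ($p.Name -like 'PS*') { continue }
    $value = [string]$p.Value
    if (Test-SuspiciousRunValue -Name $p.Name -Command $value) {
        $findings += [pscustomobject]@{ Name = $p.Name; Command = $value }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No rundll32-from-Temp entries found under $runKey"
} else {
    Write-Warning 'Suspicious Run entries (review before removing):'
    $findings | Format-Table -AutoSize
}
```

Reading this key does not require elevation; a hit is a lead for manual review, since legitimate installers occasionally use rundll32 as well.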
It then steals files (.cer and .der) from the NPKI folder and sends them to the following servers.
The Trojan also redirects internet traffic on the infected computer to the following sites:
To remove Infostealer.Boyapki.D, first disconnect your computer from the internet so that it stops sending data to the attacker's server. Then boot your computer into "Safe Mode". You can now run a full scan with your preferred antivirus program. You can use antimalware programs from Avast, McAfee, Norton, Malwarebytes, AVG, and SuperAntiSpyware. A full scan with one of these reputable programs will usually remove Infostealer.Boyapki.D. After the full scan, restart your computer for the changes to take effect.
Always be mindful of the websites you visit and the files you download from torrent sites. To stay out of trouble, always use reputable IT security software.