Ave Maria, the Malware You Need to Avoid and Beware of
Malware is a serious problem for internet users: an infection can start with an accident or simple curiosity and end in heavy losses. Many types of malware are ready to infect your device, and one of them is Ave Maria. So what is Ave Maria, and how does it infect a system?
Ave Maria is a high-risk trojan designed to steal various information and cause a "chain infection" (spreading other infections). This trojan is usually spread through spam email.
Cybercriminals typically send thousands of fraudulent emails containing infectious attachments, most of which are Microsoft Office files (usually Excel). The emails carry a message encouraging users to open the attached document; opening it lets Ave Maria infiltrate the system.
The operators of this malware often target small companies/businesses rather than regular users. Therefore, most recipients are employees/owners of various companies and businesses. However, this does not mean that regular users are safe. Ave Maria is designed to track information and record all of the victim's activity (including every keystroke on the victim's device).
This type of malware is used to collect personal information, such as passwords (from email, social networks), credit card information, and so on, which can be very dangerous if the information is successfully stolen. Cybercriminals aim to generate as much revenue as possible. Therefore, they tend to misuse stolen accounts.
If they gain access to bank accounts, they can steal all the funds through transfers to their accounts or through online purchases. Email, social networks, and other accounts can be used to steal identities and perform various malicious actions (e.g. sending malware to the victim's contacts, asking contacts to lend money, and so on). In addition, Ave Maria injects the system with additional malware.
Interestingly, Ave Maria's process icons are not genuine (e.g. the "Firefox" process icon is a blurred square instead of the original icon, a fox curled around a globe). This makes it possible to distinguish the fake process.
Additionally, the malware is designed to change Windows Defender settings and prevent it from scanning the entire disk where Windows is installed (usually the C:\ disk). This happens because the Ave Maria file is hidden in the Windows directory (there are several duplicates, one of which is hidden in the "%APPDATA%" folder) and adds Windows registry entries.
If you find any questionable processes running, and suspect the presence of Ave Maria, scan your computer immediately with a reputable anti-virus/anti-spyware suite and eliminate all detected threats.
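The Windows Defender change described above can be checked directly. The following is an added example, not code from the original article: the function name `Find-BroadDefenderExclusion` is hypothetical, and it assumes the built-in Defender cmdlets are available and the session is elevated.

```powershell
# Added example: flag Defender path exclusions that hide the system drive,
# the Windows directory, or %APPDATA% (the locations named in the article).
function Find-BroadDefenderExclusion {
    param(
        [string[]]$ExclusionPath,
        # Locations an exclusion should never swallow whole.
        [string[]]$SensitiveRoot = @("$env:SystemDrive\", $env:windir, $env:APPDATA)
    )
    foreach ($excl in $ExclusionPath) {
        if ([string]::IsNullOrWhiteSpace($excl)) { continue }
        # Normalise: expand %VAR% references, drop trailing slash, ignore case.
        $e = [Environment]::ExpandEnvironmentVariables($excl).TrimEnd('\').ToLowerInvariant()
        foreach ($root in $SensitiveRoot) {
            if (-not $root) { continue }
            $r = $root.TrimEnd('\').ToLowerInvariant()
            # The exclusion hides $root when it equals it or is one of its parents.
            if ($r -eq $e -or $r.StartsWith($e + '\')) {
                [pscustomobject]@{ Exclusion = $excl; Covers = $root }
            }
        }
    }
}

# Live check on the local machine.
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    $paths = (Get-MpPreference).ExclusionPath
    if ($paths -match '^N/A') {
        # Non-elevated sessions get a placeholder instead of the real list.
        Write-Warning 'Run this from an elevated prompt to read the exclusion list.'
    } else {
        $hits = @(Find-BroadDefenderExclusion -ExclusionPath $paths)
        if ($hits.Count -gt 0) { $hits | Format-Table -AutoSize }
        else { 'No exclusion covers the system drive, Windows directory or %APPDATA%.' }
    }
} else {
    Write-Warning 'Defender cmdlets not found on this system.'
}
```

Any row in the output is an exclusion that stops Defender from scanning one of those locations; review who added it before removing it with `Remove-MpPreference -ExclusionPath`.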
How to Avoid Malware Installation
To prevent this situation, you simply need to be careful when browsing the internet. Think twice before opening spam email attachments. If the sender seems suspicious/unrecognizable or the attached link/file is irrelevant, do not open anything.
Remember that cybercriminals often try to abuse recipients' curiosity by sending fraudulent messages, such as "you have received a package", "you have won the lottery", and so on. Unfortunately, many users fall for these scams, hoping to get something for free but losing out instead. Therefore, you should never trust such messages.
Install and run a reputable anti-virus/anti-spyware suite, as these programs usually detect and eliminate malware before any damage is done. Lack of knowledge and careless behavior are the main reasons for computer infections. The key to safety is caution.
If you believe your computer has been infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically remove the infiltrated malware.
Ave Maria trojan feature list:
- Camera Exfiltration
- Cleanup
- Code Injection
- Download and Execution
- File Management: creation, download, exfiltration, deletion
- Info-stealer support:
  - Firefox
  - Foxmail
  - Google Chrome
  - Internet Explorer
  - Outlook
  - Thunderbird
- Offline Keylogger
- Persistence
- Privilege Escalation, support from Windows 7 to Windows 10
- Processes Management: enumeration, termination
- RDP using rdpwrap
Reference:
https://www.pcrisk.com/removal-guides/14467-ave-maria-trojan