Virus Type: Spyware, Advanced Persistent Threat
Wild Neutron (also known as “Jripbot” and “Morpho”) is a powerful threat actor with a wide range of interests — from big IT enterprises and spyware developers to terrorist forums and bitcoin-related companies. Kaspersky Lab’s experts believe that it is a significant entity engaged in espionage, possibly for economic reasons. Wild Neutron uses a number of methods, including hacked forums as watering holes, zero-day exploits for propagation and stolen legitimate certificates to sign malware. It appears to have been active since 2011.
Kaspersky Lab has been able to identify several victims, in the following countries:
Targets of Wild Neutron attacks include:
You might be a target for Wild Neutron if the following risk factors are familiar to you:
Indicators of compromise for Wild Neutron are available at Securelist.com.
Kaspersky Lab products detect the malware used by the Wild Neutron attacker as: Trojan.Win32.WildNeutron.gen, Trojan.Win32.WildNeutron.*, Trojan.Win32.JripBot.*
To protect against Wild Neutron attacks, make sure you follow basic security best practices: