Also known as: -
Category: Malware
Type: Remote access trojan (RAT)
Platform: Windows and Linux
Variants: Windows executable and Linux ELF implant
Damage potential: Data theft (e.g., passwords), remote device access and control, additional malware installation, surveillance, keylogging, financial loss, data exfiltration, and system disruption.
Overview
Manjusaka is a relatively new remote access trojan (RAT) used for cyberattacks. Its implant (the payload that runs on the victim's device) is written in Rust, which lets the same code be built for both Windows and Linux. Its command and control (C2) server is written in Go and has a Simplified Chinese user interface.
Manjusaka can run any command on an infected device, steal browser passwords, collect saved Wi-Fi passwords, take screenshots, and gather detailed system information. Its credential stealer targets Chromium-based browsers: primarily Chrome and Microsoft Edge, but also Opera, Brave, Vivaldi, Yandex, and Epic.
Possible symptoms
Possible symptoms of a Manjusaka infection include:
- You notice apps that you did not install yourself.
- New user accounts created on your device.
- Slow system performance.
- Sudden device or app crashes.
- Unexpected prompts asking for permissions or admin access.
- Unusual network traffic (e.g., data transmissions to unknown command and control servers).
- Suspicious pop-ups, warnings, or notifications.
- Frequent browser redirects to unfamiliar websites.
- Unauthorized financial transactions or suspicious account activity.
- Device overheating (typically due to excessive background processes).
- Changes in settings (this may involve disabled security features or unauthorized permissions for apps).
Sources of infection
Manjusaka can spread in many ways, often through social engineering tactics that trick users into downloading and installing the malware on their Windows or Linux devices.
- Phishing links. Clicking a malicious link or malicious ad, or opening an unsafe attachment, may download Manjusaka without your knowledge. The link or attachment can arrive by email, SMS, or a messaging app.
- Drive-by downloads. Users may accidentally download Manjusaka when they visit a compromised website.
- Exploiting cybersecurity vulnerabilities. Manjusaka may infect a device by exploiting security vulnerabilities in the Windows or Linux operating system or in browsers.
- Fake updates. Manjusaka can disguise itself as a legitimate update for your software or browser.
- Compromised software. You may unknowingly download Manjusaka by installing software from untrusted sources that contain the malware.
- Infected documents. Manjusaka can hide in documents like PDFs or Word files.
Protection
To protect your device, keep your antivirus or other malware protection software up to date and install its updates when prompted. Additionally, consider these measures to safeguard your device and personal information even further:
- Regularly update your software. Manjusaka is known to target security vulnerabilities. Keep your software updated to protect your devices from the latest cybersecurity threats.
- Download updates and software from trusted sources. Only use official and reliable sources for downloads.
- Enable multi-factor authentication (MFA). While multi-factor authentication itself can’t prevent a Manjusaka infection, it can help protect your accounts even if Manjusaka steals your passwords.
- Be wary of phishing emails. Manjusaka can spread via phishing and spam emails. If you get an email that sounds off or urges you to click on a link, act with caution.
- Stay alert while browsing. Hackers may use malicious ads or create fake websites that look legitimate to spread Manjusaka and other trojans. Pay close attention to the websites you visit, and be cautious about the links you click on.
- Use NordVPN’s Threat Protection. For a generally safer online experience, use NordVPN’s Threat Protection feature. It works with browser extensions on Windows and Linux devices and blocks malicious sites.
Manjusaka removal
Removing Manjusaka from a Windows device can be challenging if it is running with administrator privileges, because it can then create accounts, add startup entries, and restore itself after a partial cleanup. Windows has no "Device administrators" setting (that is an Android setting); instead, check for user accounts you did not create under "Settings" > "Accounts" > "Other users" (or run net localgroup administrators in an elevated Command Prompt) and remove any you do not recognize. Also review what starts automatically: Task Manager's "Startup" tab, Task Scheduler, and the list of services.
Disconnect your device from the internet first so the malware cannot communicate with its C2 servers, then reboot your Windows device into Safe Mode, which prevents most third-party programs, including the malware, from starting automatically. Next, use reputable antivirus or anti-malware software to run a full system scan and follow the steps it provides to quarantine and remove the malware.
If the antivirus software cannot fully remove Manjusaka, consider manually deleting its files, registry entries, scheduled tasks, and services. This process can be risky and complex, so ensure you follow a trusted guide or seek professional assistance. Also, ensure your operating system, software, and drivers are up to date with the latest patches to close vulnerabilities that Manjusaka might exploit.
If the malware persists, consider performing a factory reset on your Windows device. However, before you do this, back up any important data — such as photos and documents — to ensure you don’t lose anything valuable. Manjusaka removal on Windows can be complicated, so if you’re unsure what to do next or the malware persists, seek help from an experienced IT professional or cybersecurity expert.
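The Windows checks above (accounts you did not create, startup entries, scheduled tasks and services, and connections to unknown C2 servers) as a read-only triage script. This is an added example written for this page, not code from the original article or from the Manjusaka tooling; the list of "trusted" program directories and the CSV output path are assumptions, and every line it prints is a lead to review, not proof of infection.

```powershell
# Added example for this page (not part of the original article and not Manjusaka code).
# Read-only triage for a Windows 10/11 host: run in an elevated PowerShell BEFORE you
# disconnect from the network or reboot into Safe Mode, so the connection snapshot and
# the Task Scheduler service are still available. Nothing here deletes anything.

$ErrorActionPreference = 'SilentlyContinue'
$report = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Area, [string]$Item, [string]$Detail) {
    $report.Add([pscustomobject]@{ Area = $Area; Item = $Item; Detail = $Detail })
}

# Directories treated as "expected" homes for service and scheduled-task binaries
# (an assumption for this example; tune it to the host).
$trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { "$_\*" }

function Get-ExePath([string]$CommandLine) {
    # "C:\path with spaces\x.exe" -args  -> C:\path with spaces\x.exe
    # C:\Windows\system32\svchost.exe -k  -> C:\Windows\system32\svchost.exe
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($c.StartsWith('"')) { return ($c -split '"')[1] }
    return ($c -split ' ')[0]
}

function Test-UntrustedPath([string]$Path) {
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    foreach ($t in $trusted) { if ($Path -like $t) { return $false } }
    return $true
}

# 1. Local administrators: any member you did not create is a lead (symptom: new accounts).
Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
    Add-Finding 'LocalAdmin' $_.Name "$($_.ObjectClass) from $($_.PrincipalSource)"
}

# 2. Run/RunOnce autostart values for the machine and the current user.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # registry provider metadata, not autorun values
        Add-Finding 'RunKey' "$key\$($p.Name)" $p.Value
    }
}

# 3. Enabled scheduled tasks whose executable lives outside the trusted directories.
Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
    foreach ($a in $_.Actions) {
        $exe = Get-ExePath ([string]$a.Execute)
        if (Test-UntrustedPath $exe) {
            Add-Finding 'Task' "$($_.TaskPath)$($_.TaskName)" "$exe $($a.Arguments)"
        }
    }
}

# 4. Services (any start type) whose binary lives outside the trusted directories.
Get-CimInstance Win32_Service | ForEach-Object {
    $exe = Get-ExePath ([string]$_.PathName)
    if (Test-UntrustedPath $exe) {
        Add-Finding 'Service' $_.Name "$($_.StartMode) $exe"
    }
}

# 5. Established TCP connections with the owning process and its image path
#    (symptom: traffic to unknown C2 servers). Loopback is skipped.
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess
        Add-Finding 'Network' "$($_.RemoteAddress):$($_.RemotePort)" `
            "$($proc.ProcessName) (PID $($_.OwningProcess)) $($proc.Path)"
    }

# Print the findings and keep a copy (the CSV path is an assumption; change it as needed).
$report | Sort-Object Area, Item | Format-Table -AutoSize -Wrap
$report | Export-Csv -Path "$env:USERPROFILE\Desktop\manjusaka-triage.csv" -NoTypeInformation
```

A single connection snapshot can miss an implant that beacons in short-lived HTTP requests, so run the script a few times a minute apart and compare the results with your router or firewall logs. Once you have confirmed that an entry is malicious, the matching removal cmdlets are Remove-LocalGroupMember, Remove-ItemProperty (for a Run value), Unregister-ScheduledTask, and Stop-Service followed by sc.exe delete; apply them from Safe Mode, and keep the CSV as a record of what was changed.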
Removing Manjusaka from a Linux device is tricky and requires advanced technical skills: you have to identify the implant process, find every place it persists (such as cron jobs, systemd units, or shell startup files), and check for accounts or SSH keys it may have added. Trying to do this yourself can cause more problems and possible data loss, so to ensure it is done correctly and safely, it is best to contact a professional for help.