Category: Malware
Type: Spyware
Platform: Windows
Variants: Win32/Sabsik.TE.A!ml, TrojanSpy.Win32.Sabsik.B, Win32/Sabsik.FL.A!ml, Trojan.Win32.SABSIK.AA.
Damage potential: Financial data theft, unauthorized system access, disabled security software, system instability and crashes, and file modification.
Overview
Sabsik is a trojan that targets Windows systems and focuses on stealing financial data. In addition to information stealing, it can also act as a dropper, enabling attackers to exploit a victim's computer by spying, taking remote control, and installing ransomware, spyware, and coin miners.
Although Sabsik's main goal is to steal banking information, it can also collect other sensitive information, such as usernames, passwords, system information, and email credentials. The fact that it steals email credentials is especially dangerous because the malware then self-propagates by spamming infected emails, rapidly infecting multiple systems.
Once Sabsik infects a system, it creates a registry key in the infected system's registry, which activates the malware every time you turn on your computer. The worst part is that Sabsik is hard to detect because it uses various techniques, like deep packing and obfuscation, to evade detection by antivirus software.
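One way to review startup entries for the kind of registry persistence described above, as an added example that is not from the original page: it parses saved `reg query` output and flags values that deserve a closer look. The page does not name the key Sabsik writes, so the standard Run keys, the constructed sample output, and the two heuristics are assumptions, not Sabsik indicators.

```python
import re

# Value line in `reg query` output: 4-space indent, then name, type, data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# Heuristics chosen for this example (assumptions, not Sabsik-specific indicators).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
SCRIPT_HOSTS = ("wscript", "cscript", "powershell", "mshta", "rundll32", "regsvr32")

def parse_reg_query(text):
    """Yield (key, name, type, data) for each value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        else:
            m = VALUE_RE.match(line)
            if m and key:
                yield key, m.group(1), m.group(2), m.group(3)

def reasons(data):
    """Return the list of heuristic reasons an autorun command looks unusual."""
    lowered = data.lower()
    found = []
    if any(p in lowered for p in USER_WRITABLE):
        found.append("runs from user-writable path")
    if any(h in lowered for h in SCRIPT_HOSTS):
        found.append("launches via script host")
    return found

def triage(text):
    """Return (key, name, data, reasons) for every value with at least one reason."""
    return [(key, name, data, r)
            for key, name, _type, data in parse_reg_query(text)
            if (r := reasons(data))]

# Constructed sample: what `reg query` prints for the two standard Run keys.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Sys Helper    REG_SZ    C:\Users\alice\AppData\Roaming\xk3\svc.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    wscript.exe //B C:\ProgramData\u.vbs
"""

if __name__ == "__main__":
    for key, name, data, why in triage(SAMPLE):
        print(f"{key}\\{name}: {data}  [{'; '.join(why)}]")
```

A flagged entry is a prompt for review rather than a verdict, since legitimate software also starts from per-user folders.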
Possible symptoms
If you notice any of the following symptoms, your system could be affected by Sabsik:
- Unexpected system slowdowns or crashes.
- Unauthorized access to sensitive information.
- Unfamiliar programs or processes running in the background.
- Disabled security software or changed firewall settings.
- Unusual network activity or connections to unknown servers.
Sources of the infection
The Sabsik trojan typically spreads through spam with hidden attachments containing malicious scripts. When a user unknowingly opens these files, the script activates and downloads the malware, infecting the system without the user's knowledge. Sabsik can also infect computers through:
- Downloading software or files from untrusted or compromised websites.
- Unpatched vulnerabilities in outdated software.
- Infected removable media, such as USB drives, memory cards, and hard drives.
Protection
The best way to protect your system from trojans like Sabsik is to educate yourself on what techniques hackers use to infiltrate computer systems. Other proactive measures against Sabsik include:
- Updating your software. Regularly update your operating system, programs, and applications to patch known vulnerabilities and prevent attackers from exploiting them.
- Using reputable security software. Install a trusted antivirus and keep it updated to protect your computer from Sabsik and similar trojans.
- Being cautious with email attachments. Never open attachments or click on links from unknown or suspicious senders.
- Using Threat Protection Pro™. Purchase NordVPN with Threat Protection Pro™, which blocks malicious sites and scans your downloads for malware.
- Creating complex passwords. Protect every account with a strong password mixing letters, special characters, and numbers. Never reuse passwords on multiple accounts.
- Disabling macros. Be cautious with documents that ask you to enable macros — this is a common method for malware execution.
Removal
If you think your computer might be infected with the Sabsik trojan, you should first disconnect from the internet. This helps stop the malware from stealing your data or downloading even more malicious software. Once you're offline, restart your computer in safe mode — this keeps Sabsik from running when your system boots up.
Next, run a full scan using reliable antivirus software to detect and remove the trojan. After removal, take a moment to update your passwords, especially for accounts you accessed on the infected device.
If Sabsik persists, it's a good idea to reach out to a cybersecurity expert. They can help fully clean your system and make sure everything's secure again.