Also known as: DeathRansom, Trojan:Win32/Wacatac.H!ml
Category: Malware
Type: Trojan, password stealing virus, banking malware, spyware
Variants: Wacatac.B!ml, Wacatac.C, Wacatac.D
Platform: Windows
Damage potential: Data theft, keylogging, unauthorized access, downloading additional malware, adding devices to botnets, and potential ransomware deployment
Overview
Wacatac is a trojan that breaches Windows operating systems by tricking users into executing a seemingly legitimate file. Once inside, the cybercriminals behind Wacatac can steal sensitive data, install additional malware, or add the infected device to a botnet for coordinated attacks. Known for its stealth, Wacatac often evades antivirus detection by using advanced obfuscation techniques. It is also notorious for its ability to establish backdoors, which allow attackers to maintain access to and control over compromised systems.
Possible symptoms
The most notable symptoms of Wacatac infection include:
- Frequent device crashes.
- Increased data usage.
- Slow system performance.
- New unknown apps on your computer.
- Unusual pop-ups and notifications.
- Disabled security software.
- Suspicious activity in Task Manager (for example, processes that consume excessive CPU or memory resources).
- Suspiciously high network traffic.
Sources of the infection
Wacatac often gets into systems by using deceptive tactics, such as hiding in bundled software. In addition, the malware is often distributed using fake software cracks and spam email campaigns. Other known sources of infection are similar to most other trojans:
- Malicious links and attachments in phishing emails
- Drive-by downloads (downloads without the visitor’s consent and knowledge) from infected websites
- Malware-ridden ads
- Pirated software
- P2P (peer-to-peer) sharing of infected files
- Infected USB drives
Protection
You can protect yourself from Wacatac by:
- Being skeptical of links and attachments. If you’re not sure about the link's safety, avoid clicking on it. You can also use NordVPN’s link checker to test suspicious links and use Threat Protection Pro™ to block malicious attachments.
- Keeping your software updated. Software updates often include fixes for vulnerabilities discovered since the last version, so you can protect your devices by regularly updating your operating system and other software you use.
- Switching on NordVPN’s Threat Protection Pro™. NordVPN’s advanced security features block malware-ridden websites and scan downloaded files for malware.
- Using reputable antivirus software. A reliable antivirus helps protect your systems from threats like Wacatac.
- Only downloading software from reputable and official sources. Avoid “cracked file” downloads and be wary of fake software websites.
- Refraining from saving passwords on browsers. With the Wacatac trojan, hackers can steal passwords saved on browsers. Consider using a reliable password manager instead.
- Enabling multi-factor authentication (MFA). Multi-factor authentication prevents cybercriminals from using your accounts even if they have your credentials.
- Backing up data. Regularly back up your data to a secure location, isolated from the network.
Removal
To remove Wacatac from an infected computer, you should follow these steps:
- Isolate the infected computer. Disconnect the computer from the internet and any local network to prevent Wacatac from spreading to other devices.
- Log out of cloud storage accounts. Doing so will ensure Wacatac doesn’t sync infected files with cloud backups.
- Remove external storage devices. Safely eject all external drives, USBs, and portable hard drives to avoid potential cross-contamination.
- Use trusted anti-malware software. Run a full scan using reputable anti-malware software to detect and remove Wacatac and any associated threats.
- Re-enable network and connections (after cleanup). Once your system is thoroughly scanned and confirmed clean, reconnect to your network and external devices.
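The scan-and-remove step above, written out as an added example that is not part of the original page. It assumes Microsoft Defender is the anti-malware product in use and that the script runs in an elevated PowerShell session on the already isolated machine; the `$familyPattern` variable is a name chosen for this example.

```powershell
# Added example: assumes Microsoft Defender is the installed anti-malware
# product and that PowerShell was started with "Run as administrator".
#Requires -RunAsAdministrator

$familyPattern = 'Wacatac'   # family name taken from the detection names on this page

# 1. "Disabled security software" is a listed symptom, so check protection state first.
$status = Get-MpComputerStatus
$checks = [ordered]@{
    AntivirusEnabled          = $status.AntivirusEnabled
    RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
    AMServiceEnabled          = $status.AMServiceEnabled
}
foreach ($name in $checks.Keys) {
    if (-not $checks[$name]) {
        Write-Warning "$name is off; protection may have been tampered with."
    }
}

# The machine is offline at this point, so signatures cannot be refreshed.
# Report their age so a stale definition set is not mistaken for a clean result.
$sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
Write-Host ("Signature age: {0:N0} day(s)" -f $sigAge.TotalDays)

# 2. Run the full scan the removal steps call for (this can take a long time).
Start-MpScan -ScanType FullScan

# 3. List recorded detections whose name matches the family, with affected resources.
$threats = @(Get-MpThreat | Where-Object { $_.ThreatName -match $familyPattern })
if ($threats.Count -eq 0) {
    Write-Host "No $familyPattern detections recorded."
    return
}
$detections = Get-MpThreatDetection
foreach ($t in $threats) {
    Write-Host "Detected: $($t.ThreatName)"
    $detections | Where-Object ThreatID -eq $t.ThreatID |
        ForEach-Object { $_.Resources } | Sort-Object -Unique |
        ForEach-Object { Write-Host "    $_" }
}

# 4. Remove the active threats Defender found.
Remove-MpThreat
```

A warning from step 1 or a signature age of many days means a "no detections" result should not be treated as confirmation that the system is clean.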