The FortiGuard Labs research team recently captured a malware sample, an EXE file signed with an invalid certificate. Once a victim opens the EXE file, it installs two drivers that control the victim’s Windows system and monitor the Internet activity of the victim’s web browser.
First observed in 2018, iTranslator is an information-stealing trojan that uses a pair of software drivers to gain control of an affected system.
At the time of publication, it is unclear how iTranslator is distributed, although unconfirmed reports indicate it is being delivered as an executable file via medium-scale spam campaigns or drive-by downloads from compromised websites.
Indicators Of Compromise
downloaded-itranslator.dll (ver 1.0.7)
downloaded-itranslator.dll (ver 1.0.8)