Name of Malware: Matsnu

Type of Malware: Downloader

Affected Operating Systems: Windows

Affected Device Types: PCs, laptops

Impact: medium

What is Matsnu?

Matsnu is a malware downloader.

Malware downloaders download other malware and then run it on the infected system. In the case of Matsnu, the malware downloaded may include the banking trojans Citadel and URLZone/Bebloh. Matsnu can also be extended with additional functions using plug-ins. One of these plug-ins is designed to capture login credentials for e-mail accounts and FTP programs and pass this information to the operator of the malware.

How did I get infected with Matsnu?

One potential route of infection is spam e-mail. The cyber criminals send Matsnu by e-mail, disguised as an invoice. Often, these invoices are executable files packaged in ZIP archives. Other potential sources of infection include websites that have been set up to exploit security vulnerabilities in your browser. The malware could also have been downloaded by another piece of malware that was already on your system at that time.
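
The delivery pattern described above, an executable file inside a ZIP archive posing as an invoice, can be checked for before an attachment is opened. The following Python code is an added example, not part of the original advisory; the extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs directly, and document extensions used as decoys
# (both lists are constructed for this example and are not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}

def inspect_zip(data: bytes) -> dict:
    """Map each suspicious member of a ZIP attachment to the reasons it was flagged."""
    findings = {}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"<archive>": ["not a valid ZIP archive"]}
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so strip them first.
            base = info.filename.lower().rstrip(". ").rsplit("/", 1)[-1]
            parts = base.split(".")
            ext = parts[-1] if len(parts) > 1 else ""
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension ." + ext)
                if len(parts) > 2 and parts[-2] in DECOY_EXTS:
                    reasons.append("double extension")
            elif info.flag_bits & 0x1:
                reasons.append("encrypted member, content not inspectable")
            else:
                with archive.open(info) as member:  # read 2 bytes, no full unpack
                    if member.read(2) == b"MZ":
                        reasons.append("PE header under a non-executable name")
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample() -> bytes:
    """Constructed test archive; the 'MZ' stubs are inert bytes, not programs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Invoice_2024.pdf.exe", b"MZ" + b"\x00" * 62)
        z.writestr("readme.txt", b"Please see the attached invoice.")
        z.writestr("scan.jpg", b"MZ" + b"\x00" * 62)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

A flagged attachment should be left unopened and deleted or passed to anti-virus software for scanning.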

What do I have to do now?

Do not carry out any further sensitive transactions on your computer. There may be other malware on your system besides Matsnu. Use anti-virus software to perform a full scan of your system. If necessary, use an anti-virus live CD to remove Matsnu. If you still have concerns about whether the infection has been effectively removed, you should reset the device and reinstall the operating system. Back up your personal data before wiping the system. Once your system has been reset, change all your passwords, as the perpetrators may have been able to access them.