New Trojan hijacks shortcuts to ensure its execution..!!

priyanshuit's picture

A new information-stealing Trojan that seems to be Chinese in origin has been detected by Avira' researchers.

It is designed to steal usernames and passwords associated with a variety of popular websites such as YouTube, Google and PayPal, but also those linked to Chinese websites such as,, and Taking that information together with the fact that the Trojan sends the stolen credentials to a server located in China, you can see why the researchers believe it coming from that country.

But, there is another thing that piqued their interest. Contrary to the typical behavior of Trojans who try to modify registry keys or take advantage of the autorun feature to ensure they will be run, this one looks for shortcuts located on the desktop or in special folders.

Then, it makes copies of itself and places them in the folders containing the linked files (often executables), renames those linked files into click_[original-file-name].exe and gives its copies the names of the originally linked files.

This way, every time a user clicks on a shortcut, it runs the Trojan. Also, in order to remain undetected as long as possible, the copies are instructed to run the renamed files after being executed themselves.



Post new comment

The content of this field is kept private and will not be shown publicly.
15 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

About the Author

priyanshuit's picture


Last Name


Website / Blog

About me
Myself PRIYANSHU. >> Certified Cyber Law Expert >> Certified Cyber Security Expert >> Certified Ethical Hacker >> Working on Cyber Security, Ethical Hacking, Investigation, VAPT, Web Designing. Catch Me On >> Facebook: Twitter: Email:


Recent comments