Shakti Trojan: Document Thief
released on 2016-08-15 @ 10:05:02 PM
While some ransomware families (e.g. Chimera) make empty threats about stealing and releasing private files, other malware families have actually made this a reality.
Recently, Bleeping Computer published a short article about an unrecognized Trojan that grabs documents from the infected computer and uploads them to a malicious server. Judging from the characteristics of the tool, we suspect it was built for corporate espionage. So far, no AV vendor has given this malware a meaningful identification; it is detected only under generic names. Since little is known about its internals, we decided to take a closer look.
In the unpacked core we found strings suggesting that the authors named the project Shakti, which means “power” in Hindi or may also be a reference to the Shakti goddess. That’s why we refer to this malware as Shakti Trojan.