Skip to content
  • Active
  • Severity: High
  • Malware
  • Windows
  • Verified · May 2019

How to remove Electricfish malware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Alice Woods · Likes to teach users about virus prevention

Electricfish malware is a highly sophisticated cyberthreat crafted by North Korean Lazarus hacker group

Electricfish malware

Electricfish is a highly-dangerous malware that was recently spotted being used as international espionage by the North Korean hackers Lazarus (also known as Hidden Cobra or Guardians of Peace), as reported by the FBI and the US The Department of Homeland Security (DHS).[1]

Electricfish malware comes as a malicious Windows 32-bit executable and contains custom protocol that allows bad actors to tunnel the traffic via proxies between the compromised machines and their own networks. Additionally, it is also capable of bypassing the required authentication process which would normally require login details.

The main danger lies in the fact that infected users would not notice the intrusion. Therefore, it is vital to acquire reputable security tools in order to remove Electricfish malware for the affected devices.

Name Electricfish
Type Malware/trojan
Associated hacker group North Korea's Lazarus group(Hidden Cobra, Guardians of Peace)
Purpose Establish connection between a source and a destination IP address
Risk factors Sensitive data leak, installation of other malware, stolen money from bank account, etc.
Infiltration Spam emails, system vulnerabilities, brute-force attacks, malicious websites, fake updates, etc.
Termination To delete Electricfish, you should use one of the anti-malware tools that can recognize[2] the threat. We suggest FortectIntego or SpyHunterCombo Cleaner

Just as any other severe malware, Electricfish is most likely distributed in a variety of ways. However, because the threat is distributed by professional cyber villains, it is highly likely that sophisticated infection methods are practised, such as brute-force attacks, exploits, web injects, etc. Refer to the second part of the article to secure your machine from malware in the future.

What is more, Electricfish malware is capable of evading the detection, although multiple anti-virus engines already recognize the threat, so keeping updated security software is extremely important. Some of the examples of include:[2]

  • TR/AD.Stantinko.gkqij
  • HackTool.ElectricFish
  • HackTool:Win32/ElecFish.A!dha
  • W32.Electricfish
  • TR/AD.Stantinko.gkqij
  • Gen:Variant.Ursu.349885, etc.

As soon as the connection between the source IP and the destination IP is established, Electricfish virus enables custom protocol, which consequently allows hackers to tunnel the traffic between the two. From that point, the affected victims can be spied on, and sensitive data like usernames, passwords, banking information, names, etc. can be stolen by the attackers and used for malicious purposes, such as identity or money theft.

Additionally, trojan-type viruses like Electricfish render the machine vulnerable to other infections, such as worms, backdoors, ransomware, and other dangerous malware.

Therefore, it is vital to remove Electricfish malware from the infected computer as soon as possible to protect your identity and online privacy. To do that, you should scan your PC with reputable security software, such SpyHunterCombo Cleaner and make sure that all the malicious components are eliminated with the help of FortectIntego or other similar programs.

Electricfish malware virus

Malware can be avoided: here's how

Unfortunately, but the world wide web is not a secure place, although many institutions are now governing this sphere, just like in real life, we have law enforcement to protect us from criminals. Unfortunately, cyber gangs work slightly differently from real life criminals, as traces can be hidden with appropriate coding skills. Additionally, state-governed hackers are best in the business, so their products usually contain no bugs and highly sophisticated.

To avoid the most dangerous infections, however, installing powerful security software is not enough (although it is a mandatory tool for every computer that is connected to a network or the internet). Experts advise following these tips:

  • Patch your operating system as well as installed programs with the latest security patches without postponing the installation;
  • Handle spam emails with care – never open attachments or click on links inside if you are not sure they are genuine (be aware that sender address might be forged with the help of email spoofing technique);
  • Use two-factor authentication where possible, otherwise employ a password managing application;
  • Disable Remote Desktop Protocol if not used and always protect it with the strong password and a VPN;
  • Do not allow Adobe Flash auto-run, change the setting to click-to-run;
  • Do not execute pirated software installers or its cracks/keygens, as such tools are often malicious;
  • Scan every executable you download from an unknown source with tools like Virus Total;
  • Enable Firewall;
  • Use ad-blocker on high-risk websites.

Remove Electricfish malware malware with the help of powerful anti-virus tools

You cannot remove Electricfish malware manually because it is a sophisticated tool that heavily modifies Windows and embeds its code into different parts of the operating system. Additionally, tampering with Windows registry and other vital parts might disrupt or even corrupt its operation.

Therefore, you should perform automatic Electricfish malware removal instead. For that, you should access Safe Mode with Networking and temporarily disable its functionality. Once inside, you should use one of the security applications (be aware that only one should be enabled at the time or it might result in software conflict in most cases), such as FortectIntego or SpyHunterCombo Cleaner to scan your device thoroughly.

Once you delete Electricfish virus, you should also change your passwords on all accounts and monitor your banking account in case hackers managed to breach this information while you were infected.

 

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.