Electricfish malware is a highly sophisticated cyberthreat crafted by the North Korean Lazarus hacker group
Electricfish malware is a type of computer infection that can intercept traffic and steal sensitive information
Electricfish is a highly dangerous malware that was recently spotted being used for international espionage by the North Korean hacker group Lazarus (also known as Hidden Cobra or Guardians of Peace), as reported by the FBI and the US Department of Homeland Security (DHS).
Electricfish malware comes as a malicious Windows 32-bit executable and contains a custom protocol that allows bad actors to tunnel traffic via proxies between the compromised machines and their own networks. It is also capable of bypassing authentication that would normally require login details.
The main danger lies in the fact that infected users would not notice the intrusion. Therefore, it is vital to acquire reputable security tools in order to remove Electricfish malware from the affected devices.
| Attribute | Description |
| --- | --- |
| Associated hacker group | North Korea's Lazarus group (Hidden Cobra, Guardians of Peace) |
| Purpose | Establish a connection between a source and a destination IP address |
| Risk factors | Sensitive data leak, installation of other malware, money stolen from bank accounts, etc. |
| Infiltration | Spam emails, system vulnerabilities, brute-force attacks, malicious websites, fake updates, etc. |
| Termination | To delete Electricfish, use an anti-malware tool that recognizes the threat. We suggest Reimage, Malwarebytes or Combo Cleaner |
Like any other severe malware, Electricfish is most likely distributed in a variety of ways. However, because the threat is distributed by professional cyber villains, it is highly likely that sophisticated infection methods are practised, such as brute-force attacks, exploits, web injects, etc. Refer to the second part of the article to secure your machine from malware in the future.
What is more, Electricfish malware is capable of evading detection, although multiple anti-virus engines already recognize the threat, so keeping security software updated is extremely important. Some examples of detection names include:
- Gen:Variant.Ursu.349885, etc.
As soon as the connection between the source IP and the destination IP is established, Electricfish virus enables its custom protocol, which consequently allows hackers to tunnel traffic between the two. From that point, the affected victims can be spied on, and sensitive data like usernames, passwords, banking information, names, etc. can be stolen by the attackers and used for malicious purposes, such as identity or money theft.
Additionally, trojan-type viruses like Electricfish render the machine vulnerable to other infections, such as worms, backdoors, ransomware, and other dangerous malware.
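Because a tunnelling tool like the one described above has to hold two connections at once (one towards the proxy, one towards the other endpoint it relays for), a defender can triage `netstat -ano` output for processes that bridge a proxy port and a second remote host. The following is an added example, not code from the original article or from any vendor named here; the proxy port list and the netstat lines are constructed assumptions, since the article gives no ports or indicators for Electricfish.

```python
import re
from collections import defaultdict

# Ports commonly used by HTTP/SOCKS proxies (assumption: the article names no ports).
PROXY_PORTS = {1080, 3128, 8080, 8888}

# Matches the TCP lines of Windows `netstat -ano` output: proto, local, remote, state, PID.
LINE_RE = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>\S+)\s+(?P<pid>\d+)\s*$"
)

# Constructed sample output; PID 4321 relays between a proxy and an internal RDP host.
SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:49710         10.0.0.20:445          ESTABLISHED     4
  TCP    10.0.0.5:49712         203.0.113.10:8080      ESTABLISHED     4321
  TCP    10.0.0.5:49713         192.168.1.40:3389      ESTABLISHED     4321
  TCP    10.0.0.5:49720         203.0.113.10:8080      ESTABLISHED     2200
  TCP    10.0.0.5:49721         203.0.113.10:8080      ESTABLISHED     2200
  TCP    10.0.0.5:49730         198.51.100.7:443       TIME_WAIT       0
"""

def parse_netstat(text):
    """Return (remote_host, remote_port, pid) for every ESTABLISHED TCP line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("state") != "ESTABLISHED":
            continue
        host, _, port = m.group("remote").rpartition(":")  # rpartition keeps IPv6 hosts intact
        rows.append((host, int(port), int(m.group("pid"))))
    return rows

def find_relay_candidates(rows):
    """PIDs holding a connection to a proxy port and to a different, non-proxy remote host."""
    by_pid = defaultdict(set)
    for host, port, pid in rows:
        by_pid[pid].add((host, port))
    suspects = {}
    for pid, conns in by_pid.items():
        proxy_hosts = {h for h, p in conns if p in PROXY_PORTS}
        other_hosts = {h for h, p in conns if p not in PROXY_PORTS}
        # A browser behind a corporate proxy talks only to the proxy host, so it is not flagged.
        if proxy_hosts and (other_hosts - proxy_hosts):
            suspects[pid] = sorted(conns)
    return suspects

if __name__ == "__main__":
    for pid, conns in find_relay_candidates(parse_netstat(SAMPLE)).items():
        print(f"PID {pid} bridges {conns}")
```

Flagged PIDs are leads for review (map the PID to its image path and signer), not verdicts, since legitimate multi-connection processes can match too.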
Therefore, it is vital to remove Electricfish malware from the infected computer as soon as possible to protect your identity and online privacy. To do that, you should scan your PC with reputable security software, such as Malwarebytes or Combo Cleaner, and make sure that all the malicious components are eliminated with the help of Reimage or other similar programs.
Malware can be avoided: here's how
Unfortunately, the world wide web is not a secure place, even though many institutions now govern this sphere, much as law enforcement protects us from criminals in real life. Cyber gangs, however, work slightly differently from real-life criminals, as traces can be hidden with appropriate coding skills. Additionally, state-sponsored hackers are the best in the business, so their products usually contain no bugs and are highly sophisticated.
To avoid the most dangerous infections, however, installing powerful security software is not enough (although it is a mandatory tool for every computer that is connected to a network or the internet). Experts advise following these tips:
- Patch your operating system as well as installed programs with the latest security patches without postponing the installation;
- Handle spam emails with care – never open attachments or click on links inside if you are not sure they are genuine (be aware that the sender address might be forged with email spoofing techniques);
- Use two-factor authentication where possible, otherwise employ a password managing application;
- Disable Remote Desktop Protocol if not used, and otherwise always protect it with a strong password and a VPN;
- Do not allow Adobe Flash auto-run, change the setting to click-to-run;
- Do not execute pirated software installers or their cracks/keygens, as such tools are often malicious;
- Scan every executable you download from an unknown source with tools like VirusTotal;
- Enable the firewall;
- Use an ad-blocker on high-risk websites.
Remove Electricfish malware with the help of powerful anti-virus tools
You cannot remove Electricfish malware manually because it is a sophisticated tool that heavily modifies Windows and embeds its code into different parts of the operating system. Additionally, tampering with Windows registry and other vital parts might disrupt or even corrupt its operation.
Therefore, you should perform automatic Electricfish malware removal instead. For that, boot into Safe Mode with Networking, which temporarily disables the malware's functionality. Once inside, use one of the security applications (only one should be enabled at a time, as running several usually results in software conflicts), such as Reimage, Malwarebytes or Combo Cleaner, to scan your device thoroughly.
Once you delete Electricfish virus, you should also change your passwords on all accounts and monitor your bank account in case hackers managed to obtain this information while you were infected.
To remove Electricfish malware, follow these steps:
Remove Electricfish malware using Safe Mode with Networking
To remove Electricfish malware without any interruptions, we suggest you enter Safe Mode with Networking as explained below:
Step 1: Reboot your computer to Safe Mode with Networking
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
Step 2: Remove Electricfish malware
Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before a full system scan and remove the malicious files that belong to the malware to complete Electricfish malware removal.
If the malware is blocking Safe Mode with Networking, try a different method.
Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Electricfish malware and other ransomware, use a reputable anti-spyware program, such as Reimage, Malwarebytes, Combo Cleaner or Plumbytes Anti-Malware.