In contrast to other ransomware-type viruses, it neither generates a ransom note nor provides instructions on how to pay a ransom or encrypt files. The latter is known for encrypting personal files and appending. Once installed, the renewed Trojan executes malicious activities that allow criminals to steal the user's credentials and, in a second phase, downloads SkyStars ransomware. A year later, the SonicWall Capture Labs Threat Research Team reported that the infamous banking trojan had evolved into double-payload malware. The renewed BlackMoon trojan sample was submitted to VirusTotal in autumn 2018.
This malicious cyber infection was extremely active until 2016 and then went idle until 2018, when experts spotted new strains of the trojan in an active development phase. This specific malware example was developed with the intention of stealing the victim's banking information by redirecting the victim to phishing websites. Many cybersecurity vendors recognize it as W32/Banbra on the basis of its detection name. What is BlackMoon virus? BlackMoon banking Trojan steals people's banking information and delivers SkyStars ransomware as a second payload. BlackMoon is a banking trojan that spreads via phishing websites and steals credit card info. BlackMoon is a reference to a trojan virus, which was first spotted in 2014.