What is GraceWire?

GraceWire is a threat that uses stealth techniques to slither into Windows operating systems so that it could collect sensitive data without notice. Our research team identifies this Trojan as an info-stealer. Since the functionality of this malware appears to be quite limited, there is a high chance that it could run along with other malicious threats. The Trojan belongs to the Evil Corp group, also known as the Dudear group, and it is well-known for other infections. We talk more about them further in the report. The targets of this group are unknown, and it is possible that it does not conduct targeted attacks at all. Perhaps the group is taking advantage of anyone it comes across. If we learn anything new about this malware, we will surely update this report as soon as possible. If you continue reading, you will learn how this infection spreads, which, hopefully, will help you keep it away from your operating system. We also touch on the removal of GraceWire, which, of course, is crucial.

How does GraceWire work?

You must know the ancient story of the Trojan Horse, and if you do, you have a concept of how a Trojan, as a malicious computer infection, works as well. Basically, a malicious infection hides within a shell of something that does not look harmful and malicious. GraceWire relies on the shell of a harmless-looking Excel file. The file could be introduced as an attachment, or it could be presented via a URL in the text presented via the email. The Evil Corp group has successfully used spam emails to expose users to malicious file attachments before; however, those are easier to uncover, and reliable security software should be able to recognize and delete malware before execution. This technique might have been used to drop the malicious payload of the Dridex Trojan and Zeus malware. Both can work as banking trojans that silently extract banking credentials that permit cybercriminals make unauthorized transfers. This could have helped the attackers behind this malware to steal millions of dollars already.

The attackers have taken a slightly different approach with GraceWire. Spam emails are still used to expose people to malicious Excel files, but if people are tricked into clicking on attachments or in-text URLs, they activate an HTML redirector. This ensures that malware has better chances of slithering in even if security systems are in place. This can help cybercriminals circumvent detections by browsers that might have the intelligence to block malicious URLs; however, redirectors can bypass filters and open malware download pages. Of course, GraceWire is downloaded silently, so that it could work undisturbed. The Trojan might read cookies and login credentials saved on the browser. It is hard to say what kind of information this malware might end up collecting, but, without a doubt, you do not want it collecting anything. The problem with this Trojan is that it might be very hard to notice and uncover. If you have discovered it, you must remove it immediately, but you also should change passwords and beware of any lasting consequences.

How to remove GraceWire

Needless to say, you have to delete GraceWire from your Windows operating system. This is not the biggest challenge. It might be much more difficult to detect this malware, which is why it is important that you perform regular system scans. If your security tools fail to protect you against trojans and other kinds of malware, a comprehensive system scan should help you take the control back into your hands. As for the removal of GraceWire, we cannot give you instructions on where to find the components of this malware. If we could, we would. However, this malware is likely to use files with unique names, and these files could be dropped in random directories and hidden within folders with random names. They could even take on the names of legitimate software and services to confuse you. On top of that, other threats might exist as well. Due to this, we advise implementing trustworthy anti-malware software. It will delete all malware components automatically, and, at the same time, it will strengthen your system’s protection to, hopefully, ensure full security in the future. 100% FREE spyware scan and
tested removal of GraceWire*


Leave a Comment

Enter the numbers in the box to the right *