Octopus Trojan

What is Octopus Trojan?

Octopus Trojan might be related to a particular group of hackers known as DustSquad because the malware’s targeted victims are diplomatic organizations from Central Asia, which is the region where these cybercriminals have been active for some years now. Our researchers at Anti-spyware-101.com report that the threat might allow cybercriminals to take control of the victims’ computers. Based on what we learned while testing the malicious application, it looks like it could steal various information, track the user’s activity, download files, and so on. No doubt, such actions could cause a lot of trouble for the victim and the organization he works at. Of course, the faster it is eliminated, the less damage it can do, which is why it is essential to know how to remove Octopus Trojan. Probably the safest option would be to acquire a legitimate antimalware tool that could handle the malicious application. Also, the instructions available below will demonstrate how to erase it manually.

Where does Octopus Trojan come from?

It seems Octopus Trojan’s creators trick their victims into thinking Telegram (a popular messenger) is going to be banned in their region and that they have to download an alternative version of it. Sadly, once the installer starts running, the malicious application settles in and gives cybercriminals access to the system. So far it is unknown how these messages reach their victims, but we believe it is possible they could come with spam emails, suspicious advertising material, or installers downloaded from untrustworthy file-sharing websites. Therefore, targeted organizations should educate their employees to avoid opening potentially harmful data and to stop visiting possibly malicious sites. It is also essential to keep a legitimate antimalware tool that could guard the computer against various threats.

How does Octopus Trojan work?

The victims might not realize they are launching the malware’s installer, as they should see a setup wizard and so think they are installing an alternative to Telegram. In fact, the malicious application even creates a folder with a few files titled in a way that makes the user think they belong to the messenger, for example, Telegram Messenger.exe, TelegramApi.dll, etc. Finally, the threat should drop and launch an executable file that lets hackers connect to the infected computer remotely; it is called Java.exe and can be found in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. As you can tell from the path, the file is placed in the Startup folder, so Octopus Trojan should be launched automatically each time the computer restarts. While it is running, the cybercriminals could perform various tasks, for example, copy and download the user’s files, delete such data, drop more data on the computer and launch it, install more malware, etc.

How to eliminate Octopus Trojan?

Clearly, the safest thing to do is erase Octopus Trojan as fast as you can. Victims who are experienced with removing such malicious applications could try to complete the steps given below this paragraph. Also, the malware can be deleted with a legitimate antimalware tool of your choice, so if the process looks a bit too complicated, victims should not hesitate to use automatic features instead.

Remove Octopus Trojan

  1. Press Windows key+E.
  2. Locate this directory: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
  3. Find a file named Java.exe, right-click it and choose Delete.
  4. Afterward, navigate to this folder: %APPDATA%
  5. Look for a file named profiles.ini, right-click it and press Delete.
  6. Find the fictitious messenger's folder.
  7. Locate the files created by the malware: CsvHelper.dll, settings.json, Telegram Messenger.exe, TelegramApi.dll.
  8. Right-click all of them separately and select Delete.
  9. Exit File Explorer.
  10. Empty your Recycle Bin.
  11. Restart the computer.
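
A read-only way to check a machine for the files named in the steps above before deleting anything, written in PowerShell as an added example (it is not from the original article). The search roots for the fake messenger folder are an assumption, since the article does not say where that folder is created, and Get-ArtifactInfo is a hypothetical helper defined in the script.

```powershell
# Added example: read-only check for the files named in the removal steps.
# Assumption: $SearchRoots guesses where the fake messenger folder may be;
# the article does not give its location.
param(
    [string[]]$SearchRoots = @($env:APPDATA, $env:LOCALAPPDATA,
                               $env:ProgramFiles, ${env:ProgramFiles(x86)})
)

# Hypothetical helper: describe one file if it exists, otherwise emit nothing.
function Get-ArtifactInfo {
    param([string]$Path, [string]$Reason)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return }
    $item = Get-Item -LiteralPath $Path -Force
    $isPE = $item.Extension -in '.exe', '.dll'
    [pscustomobject]@{
        Path      = $item.FullName
        Reason    = $Reason
        Modified  = $item.LastWriteTime
        SHA256    = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        Signature = if ($isPE) { (Get-AuthenticodeSignature -LiteralPath $item.FullName).Status } else { 'n/a' }
    }
}

$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$names   = 'CsvHelper.dll', 'settings.json', 'Telegram Messenger.exe', 'TelegramApi.dll'

$findings = @(
    Get-ArtifactInfo (Join-Path $startup 'Java.exe') 'Java.exe in the per-user Startup folder'
    Get-ArtifactInfo (Join-Path $env:APPDATA 'profiles.ini') 'profiles.ini directly under %APPDATA%'

    # The four names are only meaningful together: CsvHelper.dll and settings.json
    # are common on clean systems, so require both Telegram-named files in one folder.
    $SearchRoots | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | ForEach-Object {
        Get-ChildItem -LiteralPath $_ -Recurse -File -Force -ErrorAction SilentlyContinue
    } | Where-Object { $names -contains $_.Name } |
        Group-Object DirectoryName |
        Where-Object { ($_.Group.Name -contains 'Telegram Messenger.exe') -and
                       ($_.Group.Name -contains 'TelegramApi.dll') } |
        ForEach-Object { $_.Group } |
        ForEach-Object { Get-ArtifactInfo $_.FullName 'In suspected fake messenger folder' }
)

if ($findings.Count -eq 0) {
    'None of the listed artifacts were found.'
} else {
    $findings | Format-List
}
```

Recording the SHA256 and last-modified time of each hit before deletion preserves evidence for whoever investigates the incident afterward.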