Taurus Loader has been around for over a year and continues to be actively updated and distributed by its developers. As the name suggests, this Trojan loader is designed to deploy additional malware on the systems it compromises. The criminals behind it work with a wide range of payloads, and the techniques they use to deceive users and gain access to their systems are constantly evolving. Currently, a significant part of Taurus Loader's distribution occurs through fake downloads and cracked software: users often come across fake, malicious activators and cracks through torrents, specialized hacking websites or even Google search results.

The malware appears to have been developed by Alexuiop1337, better known as the actor behind Predator The Thief, as it was promoted on his Telegram channel and on underground Russian forums, although they claimed that he has no connection to Taurus. Taurus Stealer is advertised by the threat actor “Taurus Seller”, who has a presence on a variety of underground Russian forums where this threat is primarily sold.

Also not to be taken lightly: Taurus uses AutoIt to perform various evasion techniques, and if a machine is deemed “safe”, a payload is decrypted into memory and executed. Rather than implementing the decryption algorithm in AutoIt, the malware's developers chose to write an assembly implementation of their chosen stream cipher, RC4.
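For analysts triaging a sample, the RC4 stage described above can be reproduced offline once the key and encrypted blob have been extracted from the script. The following is an added example, not code from the malware or from the original article; the key, the sample blob and the assumption that the decrypted payload is a Windows PE file are all constructed for illustration.

```python
import struct

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling (KSA) followed by keystream generation (PRGA)."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute state with the key
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # PRGA: XOR data with keystream
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def looks_like_pe(blob: bytes) -> bool:
    """Check the MZ magic and that e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def triage(key: bytes, encrypted: bytes):
    """Return the decrypted payload if it is a plausible PE, else None.

    Assumption: the payload is a PE; the article does not state its format.
    """
    plain = rc4(key, encrypted)
    return plain if looks_like_pe(plain) else None

# Constructed sample: a 68-byte stub holding only the fields the check reads.
SAMPLE_KEY = b"constructed-key"
SAMPLE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
SAMPLE_ENCRYPTED = rc4(SAMPLE_KEY, SAMPLE_PE)

if __name__ == "__main__":
    result = triage(SAMPLE_KEY, SAMPLE_ENCRYPTED)
    print("PE recovered" if result else "not a PE under this key")
```

Because RC4 is symmetric, the same routine decrypts and encrypts; a `None` result from `triage` means either the wrong key or a payload that is not a PE.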
