BloodyStealer virus. How to remove this trojan-stealer?

BloodyStealer is a dangerous piece of malware that is best classified as a stealer. It has become very widespread, since many cybercriminals use it to steal victims' data. In this post, I will give a detailed review of this virus and show how to avoid getting infected.

What is BloodyStealer virus?

BloodyStealer is a typical example of a trojan-stealer. This kind of malware targets your personal data, such as login credentials, browser cookies, and other sensitive information. The virus also collects information about your PC configuration (i.e. hardware), the programs you have installed, and session logs of gaming platforms (Steam, Origin, etc.). Moreover, malware analysts report that BloodyStealer is also able to take screenshots.

Here is a short description of BloodyStealer:

Name: BloodyStealer
Type: Trojan-stealer
Detection names: Microsoft (Trojan:Win32/Wacatac.B!ml), Kaspersky (HEUR:Trojan-Spy.MSIL.Stealer.gen), BitDefender (Gen:Variant.Bulz.412085), Emsisoft (Gen:Variant.Bulz.412085 (B)) (BloodyStealer on VirusTotal)
Malware source: Infected file attached to an email; hacktools and riskware
Protection methods: To remove possible virus infections, scan your PC with anti-malware software

All information that BloodyStealer collects from the victim's PC is sent to the attackers through Telegram. Becoming such an attacker is possible through hacker forums, such as infected-zone[.]com. On that forum, the stealer is offered by subscription: $10 per month or $40 for a lifetime license. Pretty fair business model, isn't it?
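Since the stealer reports to its operators through Telegram, one practical detection for defenders is to flag outbound connections to the Telegram API that come from processes that have no reason to use it. The following is an added example, not code from the original post or from GridinSoft: it parses a constructed endpoint/proxy log (the log format, host names and process names are all invented for illustration) and returns the non-allowlisted processes that reached api.telegram.org.

```python
"""Flag outbound connections to the Telegram Bot API from unexpected processes.

Added example. The log format, hosts and process names below are constructed
for illustration; adapt LINE_RE and the allowlist to your own telemetry.
"""
import re
from collections import defaultdict

# Constructed sample log: timestamp, workstation, process image, destination host:port.
SAMPLE_LOG = """\
2021-09-01T10:00:01Z ws-12 Telegram.exe api.telegram.org:443
2021-09-01T10:00:05Z ws-12 chrome.exe www.fedex.com:443
2021-09-01T10:01:12Z ws-12 KMSpico.exe api.telegram.org:443
2021-09-01T10:01:13Z ws-12 KMSpico.exe api.telegram.org:443
2021-09-01T10:02:40Z ws-07 Shipping_Info.exe api.telegram.org:443
2021-09-01T10:03:00Z ws-07 outlook.exe outlook.office365.com:443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) (?P<dst>[^:\s]+):(?P<port>\d+)$"
)

# Assumption: only the official desktop client is expected to talk to Telegram.
ALLOWED_TELEGRAM_CLIENTS = {"telegram.exe"}
TELEGRAM_DOMAINS = {"api.telegram.org"}


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_suspicious_telegram_egress(log_text):
    """Return {(host, process): count} for non-allowlisted processes reaching Telegram."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than failing the whole run
        if (rec["dst"].lower() in TELEGRAM_DOMAINS
                and rec["proc"].lower() not in ALLOWED_TELEGRAM_CLIENTS):
            hits[(rec["host"], rec["proc"])] += 1
    return dict(hits)


if __name__ == "__main__":
    for (host, proc), n in find_suspicious_telegram_egress(SAMPLE_LOG).items():
        print(f"{host}: {proc} contacted Telegram API {n} time(s)")
```

Note that a legitimate Telegram client on the same workstation is not flagged, while a cracked activator and an executable named like a shipping document are; in a real deployment the allowlist would be tuned per environment and the hits forwarded to the SIEM.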

BloodyStealer virus offered

Message from Infected Zone forum

The total damage that BloodyStealer does during an attack is huge. The virus can wipe out your privacy entirely: your social network accounts, online banking accounts and email will all be compromised. Everything about your daily activity, such as the programs you work in or the games you play, becomes visible to the crooks. The most critical part is credential theft. One day you may discover that you cannot log in to your Twitter account, and that there are several strange money transfers from your bank account.

How did I get this dangerous virus?

Cybercriminals spread BloodyStealer massively through email spam. The approach works because people trust email notifications. Malware distributors disguise their emails as shipping notifications from FedEx, or as alerts from Citibank about changes to your account. They also add logos of the companies they mimic to lull the victim's vigilance completely. That is why these spam campaigns are so effective and profitable for their operators.

FedEx Express Email virus message

Fake Fedex email with shipping information

Email spam is a new distribution channel, but it does not replace the other ones. The second most popular method is hacktools and riskware. Programs like KMSPico/KMS Activator, keygens and cheat engines for various programs and games are a perfect shell for BloodyStealer, as for any other stealer. Such programs may even deliver the functionality they advertise, but the virus is still inside. This disguise is ideal for malicious purposes, since hacktools themselves are usually detected by anti-malware software: to use these applications, users are forced to stop the antivirus or add the app to the whitelist. So by the time the victim notices the malware activity, it is too late for any countermeasures.

How can I avoid the virus installation?

It is not very hard to spot email spam. Fraudsters try to mimic the companies, but they cannot obtain the same email address. You can simply check the genuine sender address in messages you have received before and compare it with the address in the dubious email. Another way to avoid these fraudulent emails is to remember whether you actually have any incoming deliveries. Crooks rarely know whether you are waiting for a shipment, so it is easy to see that someone is trying to fool you.
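The address comparison described above can be automated. The following is an added example, not code from the original post or from GridinSoft: it parses a raw email with Python's standard library, compares the sender domain against a set of domains previously seen in genuine mail (the set, the brand-to-domain mapping and both sample messages are constructed assumptions), checks whether the display name claims a brand whose domain does not match, and flags a Reply-To that diverts replies elsewhere.

```python
"""Heuristic sender checks for a suspicious notification email.

Added example. KNOWN_SENDERS, BRAND_DOMAINS and the two sample messages are
constructed for illustration and would be replaced by your own history.
"""
import email
from email.utils import parseaddr

# Assumption: domains observed in genuine mail the user received earlier.
KNOWN_SENDERS = {"fedex.com", "citi.com"}

# Assumption: which domain a brand name in the display name should correspond to.
BRAND_DOMAINS = {"fedex": "fedex.com", "citi": "citi.com"}

# Constructed lure: display name says FedEx, sender domain does not, replies diverted.
SUSPICIOUS_EMAIL = """\
From: "FedEx Express" <notification@fedex-delivery-update.top>
Reply-To: claims@mail-drop.example
To: victim@example.org
Subject: Your shipment 7788 is on hold
Content-Type: text/plain

Please open the attached document to confirm your delivery.
"""

# Constructed genuine-looking message for comparison.
LEGIT_EMAIL = """\
From: FedEx <tracking@fedex.com>
To: victim@example.org
Subject: Your package has shipped
Content-Type: text/plain

Your package is on its way.
"""


def domain_of(header_value):
    """Extract the lower-cased domain from an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def domain_matches(dom, expected):
    """True if dom is expected or a subdomain of it (e.g. mail.fedex.com)."""
    return dom == expected or dom.endswith("." + expected)


def assess_email(raw):
    """Return a list of human-readable findings; an empty list means nothing odd."""
    msg = email.message_from_string(raw)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    findings = []

    if not any(domain_matches(from_dom, d) for d in KNOWN_SENDERS):
        findings.append(f"sender domain '{from_dom}' is not a known sender")

    # A display name that names a brand must come from that brand's domain.
    for brand, expected in BRAND_DOMAINS.items():
        if brand in display_name.lower() and not domain_matches(from_dom, expected):
            findings.append(f"display name mentions {brand} but sender domain is not {expected}")

    # Replies going to a different domain than the sender is a classic lure trait.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain '{reply_dom}' differs from sender domain")
    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EMAIL), ("legit", LEGIT_EMAIL)):
        print(label, "->", assess_email(raw) or ["no findings"])
```

These checks look only at the visible headers, which is what the post suggests a user compares; a mail gateway would add SPF/DKIM/DMARC results on top, since a From address alone can be forged.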

In situations where you cannot verify that the email is benign, you can still download the file it offers. By default, the usual source of malware in Office documents, macros, is disabled. If the document asks you to enable macros, ignore the request and close the document. Shipping information has no use for macros, so such a document is definitely a virus.
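A defender can check for the presence of a VBA project before a document is ever opened, so the "enable macros" prompt never comes up. The following is an added example, not code from the original post or from GridinSoft: it inspects a modern Office (OOXML) package for a vbaProject.bin part or the VBA content type, and builds two constructed minimal packages (not real Word files) to demonstrate both outcomes. Legacy binary .doc/.xls files use the OLE format and are not covered here.

```python
"""Detect a VBA macro project inside an OOXML (.docx/.docm/.xlsm/...) package.

Added example. The sample packages produced by build_sample_docx() are
constructed minimal zips for illustration, not genuine Office documents.
"""
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaproject"


def document_has_macros(data: bytes) -> bool:
    """Return True if the OOXML package carries a VBA project.

    Two independent signals are checked: a part whose name ends in
    vbaProject.bin, and the VBA content type declared in [Content_Types].xml.
    """
    if not data.startswith(b"PK"):
        raise ValueError("not an OOXML (zip) package; legacy .doc/.xls need an OLE parser")
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = [n.lower() for n in z.namelist()]
        if any(n.endswith("vbaproject.bin") for n in names):
            return True
        try:
            content_types = z.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            return False  # malformed package without a content-types part
        return VBA_CONTENT_TYPE in content_types.lower()


def build_sample_docx(with_macros: bool) -> bytes:
    """Constructed minimal package: enough structure to exercise the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        types_xml = (
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="xml" ContentType="application/xml"/>'
        )
        if with_macros:
            types_xml += '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        types_xml += "</Types>"
        z.writestr("[Content_Types].xml", types_xml)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes standing in for the compound-file VBA storage.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print("macros present:", document_has_macros(build_sample_docx(flag)))
```

Because the check reads the container rather than the document text, it works before any rendering or macro execution; a mail gateway or download hook can quarantine shipping "notifications" that carry a VBA project.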

How to remove the BloodyStealer from my PC?

This virus hides deep in the system, so removing it manually is practically impossible. The best solution is to use anti-malware software. For BloodyStealer removal, GridinSoft Anti-Malware is recommended.

Removing the viruses with GridinSoft Anti-Malware

  • Download and install GridinSoft Anti-Malware. After the installation, you will be offered to perform the Standard Scan. Approve this action.

  GridinSoft Anti-Malware during the scan process

  • The Standard Scan checks the logical disk where the system files are stored, together with the files of the programs you have installed. The scan lasts up to 6 minutes.

  GridinSoft Anti-Malware scan results

  • When the scan is over, you may choose the action for each detected virus. For all files of the viruses distributed through the described phishing, the default option is “Delete”. Press “Apply” to finish the malware removal.

  GridinSoft Anti-Malware - After Cleaning

BloodyStealer is a reference example of a stealer trojan, a virus that steals your personal data, passwords, activity information, and much more. The consequences of its activity are severe.

About the author

Robert Bailey

Security Engineer. Interested in malware, reverse engineering, white ethical hacking. I like coding, travelling and bikes.
