SLoad Trojan Employs BITS

Walden Systems Geeks Corner News

Analysis of the sLoad trojan illustrates the growing trend of advanced malware that evades detection while carrying out malicious activities. SLoad is a PowerShell downloader known for its reconnaissance tactics and targeting efforts. What makes it unique is its almost exclusive use of a legitimate Windows file transfer utility for stealing data, fetching payloads and communicating with its command-and-control servers. According to Sujit Magar, an APT researcher with Microsoft, "SLoad is just one example of the increasingly more prevalent threats that can perform most of their malicious activities by simply living off the land."

SLoad was first spotted in May 2018. It has been seen delivering a variety of payloads, including the Ramnit and Ursnif banking trojans, Gootkit, DarkVNC and PsiXBot. It uses the Background Intelligent Transfer Service (BITS), a component of Windows, as its attack method.


SLoad spies on the system and learns about a target before delivering its payload. The malware gathers information about the infected system, including a list of running processes, the presence of Outlook, and the presence of Citrix-related files. It also takes screenshots of the target machine. By using loaders that can also assess infected systems, hackers can select their targets wisely and improve the quality of infected hosts.

sLoad is a dangerous threat equipped with spyware, infiltrative payload delivery and data exfiltration capabilities. While it drops some malware files during installation, its use of BITS jobs alone to perform most of its harmful behaviors, and of scheduled tasks for persistence, gives it an almost fileless presence on compromised machines.
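
Because the activity described above runs through BITS jobs rather than dropped files, a defender can triage it by correlating BITS job records. The sketch below is an added example, not code from the article or from Microsoft. The record layout, field names, hosts and allowlist are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumptions for this example: which creating processes to flag, and the allowlist.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
ALLOWED_HOSTS = {"updates.corp.example"}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample records (simplified layout, not a real log export).
SAMPLE_EVENTS = [
    {"event": "job_created", "job_id": "J1", "process": r"C:\Windows\System32\svchost.exe"},
    {"event": "transfer_started", "job_id": "J1", "direction": "download",
     "url": "https://updates.corp.example/agent.cab"},
    {"event": "job_created", "job_id": "J2", "process": PS},
    {"event": "transfer_started", "job_id": "J2", "direction": "download",
     "url": "https://files.example.test/task.txt"},
    # J3's transfer record arrives before its creation record.
    {"event": "transfer_started", "job_id": "J3", "direction": "upload",
     "url": "https://files.example.test/in/"},
    {"event": "job_created", "job_id": "J3", "process": PS},
]


def triage(events, allowed_hosts=ALLOWED_HOSTS):
    """Correlate records by job id and return {job_id: [reasons]} for flagged jobs."""
    jobs = defaultdict(lambda: {"creator": None, "transfers": []})
    for ev in events:
        job = jobs[ev["job_id"]]
        if ev["event"] == "job_created":
            # Windows path: the file name follows the last backslash.
            job["creator"] = ev["process"].rsplit("\\", 1)[-1].lower()
        elif ev["event"] == "transfer_started":
            host = (urlsplit(ev["url"]).hostname or "").lower()
            job["transfers"].append((ev["direction"], host))
    findings = {}
    for job_id, job in jobs.items():
        reasons = []
        if job["creator"] in SCRIPT_HOSTS:
            reasons.append(f"created by {job['creator']}")
        for direction, host in job["transfers"]:
            if host not in allowed_hosts:
                reasons.append(f"{direction} involving unlisted host {host}")
        if reasons:
            findings[job_id] = reasons
    return findings


if __name__ == "__main__":
    for job_id, reasons in triage(SAMPLE_EVENTS).items():
        print(job_id, "->", "; ".join(reasons))
```

Uploads flagged this way correspond to the data-stealing use of BITS, and downloads to payload fetching; the allowlist has to be built from the BITS traffic that is normal in the environment being monitored.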