If you live in Argentina, Japan, or the Philippines, Gelup is the infection that you need to learn about. It is not spreading across every computer found in these countries, but if the operating system is weak and unprotected, the chances of it getting infected certainly increase. Unfortunately, this infection is one of those that you really do not want hanging around. It is known as a payload downloader, which means that cyber criminals can use it to download anything and everything. Needless to say, that puts you at serious risk. For all we know, if this threat got in, you could soon face ransomware, keyloggers, data-stealing infections, Trojans, and all kinds of other malicious threats. Due to this, it is crucial to inspect the system for additionally downloaded malware when deleting Gelup. Without a doubt, the more threats exist, the more difficult it will be to remove them all manually, but, luckily, that is not your only option.
Just like most threats these days, Gelup is spread using a clever spam email campaign. That is also how the malicious FlowerPippi is expected to spread, and this infection is a backdoor that appears to have been created by the same cyber criminals as the Gelup Trojan. We do not know if they could be spread together or downloaded by one another, but if they exist, both require immediate removal. The Trojan has been found spreading with the help of spam emails that trick victims into opening malicious files. In most cases, it appears, these are .xls or .html files. If the victim interacts with the file – which could be introduced via a malicious link or as an attachment – an Excel file is downloaded and the victim is asked to enable macros. This is not a good sign, and if you are ever asked to enable macros, you need to think about whether the file you are trying to open is 100% safe and reliable. If the malicious file's macros are enabled, the devious FlawedAmmyy downloader is dropped. The attackers appear to have successfully employed the Amadey botnet and ServHelper malware for the downloading of the malicious payload too.
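The delivery chain described above hinges on an Office attachment that carries a macro project. The following is an added example written for this page, not code from the article or from any of the malware families it names; it shows how a mail gateway or incident responder can triage attachments for the macro indicator before anyone is asked to "enable content". It uses only the Python standard library, inspects modern Office files (which are ZIP containers) for an embedded `vbaProject.bin`, flags legacy OLE binaries (the classic .xls format) for deeper scanning, and flags HTML attachments of the kind the paragraph mentions. The sample workbooks are constructed in memory; the file names and triage strings are this example's own assumptions.

```python
import io
import zipfile

# Magic bytes of a legacy OLE2 compound document (classic .xls/.doc).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def build_sample_workbook(with_macros: bool) -> bytes:
    """Constructed stand-in for an OOXML workbook (a ZIP with XML parts).

    Real files carry many more parts; this only reproduces the structure
    the triage below relies on, including the VBA project part when asked.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            # The VBA project is stored as an OLE blob inside the ZIP.
            zf.writestr("xl/vbaProject.bin", OLE_MAGIC + b"\x00" * 8)
    return buf.getvalue()


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML container holds a VBA project part anywhere."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())


def triage_attachment(filename: str, data: bytes) -> str:
    """Return a verdict string: 'allow: ...', 'review: ...' or 'block: ...'.

    The extension is never trusted on its own; the container contents decide.
    """
    name = filename.lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""

    if zipfile.is_zipfile(io.BytesIO(data)):
        if has_vba_project(data):
            if ext == "xlsm":
                # Macro-enabled by declaration; still worth a human look.
                return "review: macro-enabled workbook (.xlsm)"
            # A macro project inside a file that claims to be macro-free.
            return "block: VBA project inside a '%s' file (extension mismatch)" % ext
        return "allow: OOXML without VBA project"

    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macro streams need an OLE parser, so hand off.
        return "review: legacy OLE document (.xls/.doc); macros not parsed here, send to sandbox"

    if ext in ("html", "htm"):
        # The article notes .html lures that lead to a macro-laden download.
        return "review: HTML attachment; may link to a macro-laden download"

    return "allow: no Office macro indicators"


if __name__ == "__main__":
    # Constructed sample attachments, one per case the triage handles.
    samples = {
        "report.xlsm": build_sample_workbook(True),
        "invoice.xlsx": build_sample_workbook(True),
        "data.xlsx": build_sample_workbook(False),
        "old.xls": OLE_MAGIC + b"\x00" * 16,
        "page.html": b"<html><body><a href='#'>open</a></body></html>",
    }
    for fname, blob in samples.items():
        print("%-14s %s" % (fname, triage_attachment(fname, blob)))
```

The point of the extension check is that the macro project is detected from the container's contents, so renaming a .xlsm to .xlsx does not hide it; conversely, the legacy .xls case is deliberately routed to a sandbox rather than declared clean, because this example does not parse OLE macro streams.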
The email that is supposed to lead to the eventual execution of Gelup is misleading, and do not think for a second that you cannot be tricked. Cyber criminals are very smart, and they can create very convincing emails that might look as if they were sent to you by your bank, your Internet provider, your school, your work, or anything else. Therefore, you need to assess every message you receive. Hopefully, you can evade misleading emails with corrupted attachments and links within them. If you cannot, and Gelup slithers in, information about you and your system could soon be sent to the attackers, and they might try to drop malware through an opened security backdoor without you knowing anything about it. To make things worse, this Trojan appears to be capable of obfuscating itself, and so there is a possibility that it could slither in and stay hidden even if weaker antivirus software exists on your system. Needless to say, this could also make the removal of this malware much more difficult.
We cannot know if you will be able to remove Gelup manually (refer to the guide below), but that is not your only problem. It is possible that new infections were downloaded by this threat already, and so you need to think about their removal as well. If there is at least one threat that you cannot delete manually, there is no point in erasing others manually either. Luckily, you are not in a desperate situation yet. You can still install an anti-malware program that will find and delete Gelup and all existing threats automatically for you. Of course, it is most important that you secure your system against attackers in the future, and that is something that reliable anti-malware software will take care of as well. Depending on the additional threats that are detected, you might need to take other security measures – for example, change passwords – and so do not forget to research them as well. If you need any help understanding the malware that attacked your system, do not hesitate to leave a comment below.