Malware
Expiro
aka Xpiro
Expiro malware has been around for more than a decade, and the malware authors sill continue their work and update it with more features.
Expiro malware has been around for more than a decade, and the malware authors sill continue their work and update it with more features. Also the infection routine was changed in samples fround in 2017 (described by McAfee). Expiro "infiltrates" executables on 32- and 64bit Windows OS versions. It has capabilities to install browser extensions, change security behaviour/settings on the infected system, and steal information (e.g. account credentials). There is a newly described EPO file infector source code called m0yv in 2022, which is wrongly identified as expiro by some AVs.
Family metadata imported from Malpedia (Fraunhofer FKIE).