Quote:A digitally-signed rootkit is used in wide-reaching malicious activities aimed at stealing login credentials, payment information, and browsing history, spam social network users, and adware activity.
 
Dubbed Scranos by researchers, the rootkit poses as a video driver. Once installed, it can download any payload its operator chooses. The targets range from popular browsers Chrome, Chromium, Firefox, Opera, Edge, Internet Explorer, Baidu, and Yandex to services from Facebook, Amazon, Airbnb, Steam, and Youtube.

The certificate used for signing the rootkit, likely stolen, is a DigiCert issue for Yun Yu Health Management Consulting (Shanghai) Co., Ltd., a company that is not involved in software development. At the moment, the certificate is still valid, BleepingComputer was told.