Scranos: The Persistent Rootkit-Enabled Malware is Targeting Home Users and Organizat
#1
Bug 
Quote:

Watch out and learn how to prevent it from stealing your valuable information.

These past few days security researchers from the Bitdefender Cyber Threat Intelligence Lab have detected a new malware strain known as Scranos which aims at stealing passwords, financial information, and other sensitive data from home users and organizations across the globe.

First identified in November 2018, with a massive spike in December and January, specialists continued to track it and raised a red flag in the past months when it was extremely active.

"This attack looks like a work in progress, with many components in the early stage of development," the researchers described it.

Dubbed “Scranos”, this new rootkit-based malware appears to be continuously evolving, developing new components or making minor improvements to the old ones.

Unlike other types of malware, rootkits are notoriously difficult to detect in the first place, and they are among the most persistent and complex threats out there.

How does the infection process happen?

The attack vector is usually cracked, pirated software or a Trojanized application disguised as legitimate software you may be tempted to download and install on your computers, such as (video) drivers, software programs, or even security products.

One of the main components of rootkits is the dropper, which is an executable program or file that installs the rootkit. In this spam campaign, the dropper acts like a password stealer and installs a digitally-signed rootkit driver.

According to researchers, the digital signature of this driver seemed to be issued by a Chinese company, and hackers may have obtained the original digital code-signing certificate illegally or by compromising it.

Once the dropper is installed, it tries to communicate with a malicious Command-and-Control (C&C) server (which is controlled by the attacker) and downloads one or more payloads.
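The quoted article describes a dropper that installs a digitally signed kernel driver. A check a defender would want at that point is an inventory of the drivers on a machine together with their Authenticode status and signer, so an unfamiliar signer stands out against a known-good baseline. The script below is an added example, not code from the Heimdal article or from the Bitdefender report; it assumes Windows PowerShell 5.1 or later on an elevated prompt, and the function name `Get-DriverSignatureInventory` is my own.

```powershell
# Added example (not from the Heimdal article or the Bitdefender report):
# inventory kernel drivers and their Authenticode signers so an unexpected
# signed driver can be spotted in review. Assumes Windows PowerShell 5.1+
# run from an elevated prompt. Function name is the example's own.

function Get-DriverSignatureInventory {
    [CmdletBinding()]
    param(
        # Use -RunningOnly to inspect only drivers currently loaded.
        [switch]$RunningOnly
    )

    $drivers = Get-CimInstance -ClassName Win32_SystemDriver
    if ($RunningOnly) {
        $drivers = $drivers | Where-Object { $_.State -eq 'Running' }
    }

    foreach ($drv in $drivers) {
        # PathName may be empty, quoted, or use \??\, \SystemRoot\ or
        # bare System32\ prefixes; normalise it to a filesystem path.
        $path = $drv.PathName
        if ([string]::IsNullOrWhiteSpace($path)) { continue }
        $path = $path.Trim('"')
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        $path = $path -replace '^System32\\', "$env:SystemRoot\System32\"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # Embedded and catalog signatures are both checked by this cmdlet.
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        $thumb  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }

        [pscustomobject]@{
            Name       = $drv.Name
            State      = $drv.State
            StartMode  = $drv.StartMode
            Path       = $path
            SigStatus  = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer     = $signer
            Thumbprint = $thumb
        }
    }
}

# Usage: list every driver whose signer is not Microsoft, sorted for review.
Get-DriverSignatureInventory |
    Where-Object { $_.Signer -notmatch 'Microsoft' } |
    Sort-Object Signer, Name |
    Format-Table Name, State, SigStatus, Signer, Path -AutoSize
```

Two caveats apply. A driver signed with a stolen or fraudulently obtained certificate, as the article describes, will still report `Valid`, so the useful signal is a signer or thumbprint that is not in the baseline for that machine, not the status field alone. Also, a rootkit that is already running can hide its service entry or file from user-mode enumeration, so a clean list from a live host is weaker evidence than the same inventory taken from an offline image or compared against endpoint telemetry collected elsewhere.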