// Hacking NEWS // A New Sophisticated Malware Is Conquering the World

in #news, 5 years ago (edited)

Distributed as a Trojan horse, Scranos is an impressively modular platform: data theft, harvesting of online accounts, advertising injection, etc.


A new, elaborate and scary piece of malware has just appeared on the radar of security researchers at Bitdefender Labs. Called "Scranos", it spreads through a wide variety of Windows software: video players, e-book readers, "security" software, drivers, etc. Initially, this malware was only distributed in China, but for the past few months it has been spreading around the world.

Once installed, this Trojan first deploys a series of DLL files that collect cookies from browsers and steal login credentials for Facebook, Amazon, YouTube and Airbnb accounts. Then it disables Windows Defender Real-Time Protection. You can never be too careful.


Finally, before self-destructing, it installs a rootkit in the form of a video driver. The driver is authenticated by a signature issued on behalf of Yun Yu Health Management Consulting Shanghai. This is probably a stolen certificate.
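The two behaviours described above (Defender real-time protection switched off, and a kernel driver signed in the name of the publisher quoted in this article) can be checked on a Windows host. The following is an added triage example, not code from the article or from Bitdefender; the signer string is the name as written here, the exact certificate subject is not given on this page, and the function names are hypothetical.

```powershell
# Added triage example. $SignerPattern is copied from the article text;
# the full certificate subject is an unknown, so a substring match is used.
$SignerPattern = 'Yun Yu Health Management Consulting'

function Test-DefenderRealTime {
    # $true = real-time protection on, $false = off,
    # $null = Defender cmdlets unavailable (for example, third-party AV installed).
    try { (Get-MpComputerStatus -ErrorAction Stop).RealTimeProtectionEnabled }
    catch { $null }
}

function Get-DriverSigner {
    # Lists every registered kernel driver with its file path and Authenticode signer.
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        if (-not $drv.PathName) { continue }
        # Normalise NT-style prefixes so the file can be opened by path.
        $path = $drv.PathName -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Name = $drv.Name; State = $drv.State; Path = $path
                               Status = 'FileMissing'; Signer = $null }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Name   = $drv.Name
            State  = $drv.State
            Path   = $path
            Status = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
            Signer = $sig.SignerCertificate.Subject   # $null when unsigned
        }
    }
}

$rtp = Test-DefenderRealTime
if ($rtp -eq $false)    { Write-Warning 'Windows Defender real-time protection is disabled.' }
elseif ($null -eq $rtp) { Write-Warning 'Defender status unavailable; check the installed AV instead.' }

$drivers = @(Get-DriverSigner)
# Drivers signed in the name of the publisher quoted in the article.
$drivers | Where-Object { $_.Signer -like "*$SignerPattern*" } | Format-List
# Running drivers whose file is missing or whose signature does not validate.
$drivers | Where-Object { $_.State -eq 'Running' -and $_.Status -ne 'Valid' } |
    Sort-Object Name | Format-Table Name, Status, Path -AutoSize
```

Run it from an elevated PowerShell prompt. A loaded rootkit can tamper with what a live system reports, so an empty result is not proof of a clean machine.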

Before each shutdown of the infected device, this driver saves its data to a file and sets up its own reactivation in the Windows registry. That way, at the next start, it can automatically resume its service. Convenient.

The true masterpiece of Scranos, this rootkit is able to inject a "downloader" into a legitimate Windows process with the objective, as its name suggests, of downloading other malicious modules. This opens the door to a wide range of hacks and scams. One of the modules, for example, makes it possible to spread hacked Android applications among the victim's Facebook friends. Another specializes in stealing Steam credentials.

Moreover, it can install browser extensions that force certain pages to open or change the default search engine. JavaScript ad injection and automatic subscription to YouTube accounts are also part of the catalogue.


In short, Scranos is a rather well-crafted cybercriminal platform that can be used to launch many different activities. The developers of this malware seem to be particularly active and are constantly testing new modules on the thousands of PCs they have successfully infected up to now. (I must recognize the ingenuity of its creator...)

The malicious potential of this new malware is therefore significant... and must be watched closely.

Source: Bitdefender Labs

Stay Informed, Stay Safe
