Scranos, a new rootkit malware, steals passwords and pushes YouTube clicks

Security researchers have discovered an unusual new malware that steals user passwords and account payment methods stored in a victim’s browser — and also silently pushes up YouTube subscribers and revenue.
The malware, Scranos, infects with rootkit capabilities, burying deep into vulnerable Windows computers to gain persistent access — even after the computer restarts. Scranos only emerged in recent months, according to new Bitdefender research out Tuesday, but the number of its infections has rocketed in the months since it was first identified in November.
“The motivations are strictly commercial,” said Bogdan Botezatu, director of threat research and reporting at Bitdefender, in an email. “They seem to be interested in spreading the botnet to consolidate the business by infecting as many devices as possible to perform advertising abuse and to use it as a distribution platform for third party malware,” he said.
Bitdefender found the malware spreading through trojanized downloads that masquerade as real apps, like video players and e-book readers. The rogue apps are digitally signed — likely from a fraudulently generated certificate — to prevent getting blocked by the computer. “By using this approach, the hackers are more likely to infect targets,” said Botezatu. Once installed, the rootkit takes hold to maintain its presence and phones home to its command and control server to download additional malicious components. The second-stage droppers inject custom code libraries in common browsers — Chrome, Firefox, Edge, Baidu, and Yandex to name a few — to target Facebook, YouTube, Amazon, and Airbnb accounts, gathering data to send back to the malware operator.


“The motivations are strictly commercial… they are looking at advertising fraud by consuming ads on their publisher channels invisibly in order to pocket the profit.” Bitdefender's Bogdan Botezatu