Friday, February 26, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Scranos rootkit expands operations from China to the rest of the world

April 16, 2019
in Internet Security
Scranos rootkit expands operations from China to the rest of the world
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter
http://www.zdnet.com/

A malware operation previously limited to China’s borders has expanded over the past few months to infect users from all over the world, antivirus firm Bitdefender said in a report published today.

Users who have the bad habit of downloading and installing cracked software applications are at the highest risk.

You might also like

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021

Facebook bans Myanmar military-controlled accounts from its platforms

Cloud, data amongst APAC digital skills most needed

According to Bitdefender experts, these apps are laced with a relatively new malware strain named Scranos. The most important piece of this malware is a rootkit driver that’s hidden inside the tainted apps and which allows the malware to gain boot persistence and take full control over users’ systems in the early stages of an infection.

A very dangerous “work in progress”

Although Bitdefender describes Scranos as “a work in progress, with many components in the early stage of development,” the malware is still very dangerous as it is.

That’s because Scranos is a modular threat that once it infects a host computer, it can ping its command and control (C&C) server for additional instructions, and then download small modules to execute a fine set of operations.

The malware may not have modules for all the features supported by more complex malware strains, but it has enough components to put users and their data at risk, while also being a huge annoyance due to its adware-like features.

At the time of writing, Bitdefender has documented the following modules/features in a 48-page report the company shared with ZDNet:

  • Extract cookies and steal login credentials from Google Chrome, Chromium, Mozilla Firefox, Opera, Microsoft Edge, Internet
    Explorer, Baidu Browser and Yandex Browser.
  • Steal a user’s payment accounts from his Facebook, Amazon and Airbnb webpages.
  • Send friend requests to other accounts, from the user’s Facebook account.
  • Send phishing messages to the victim’s Facebook friends containing malicious APKs used to infect Android users as well.
  • Steal login credentials for the user’s account on Steam.
  • Inject JavaScript adware in Internet Explorer.
  • Install Chrome/Opera extensions to inject JavaScript adware on these browsers as well.
  • Exfiltrate browsing history.
  • Silently display ads or muted YouTube videos to users via Chrome. We found some droppers that can install Chrome if it is not already on the victim’s computer.
  • Subcribe users to YouTube video channels.
  • Download and execute any payload.

Scranos has already infected thousands

Bitdefender says the malware is nowhere near as widespread and prevalent as the Zacinlo adware campaign it detected last June.

Nevertheless, the Scranos operation has started expanding operations beyond its original Chinese targeting, already infecting thousands, based on Bitdefender’s view. Currently, Scranos is making victims all over the world, but most infections have been reported in India, Romania, Brazil, France, Italy, and Indonesia.

Scranos infection map

Image: Bitdefender
http://www.zdnet.com/

The bad news is that Scranos doesn’t seem limited to one or two platforms only, and can infect all known Windows versions, from XP to Windows 10, with the most victims found on Windows 10 and 7, respectively.

Scranos infection distribution

Image: Bitdefender
http://www.zdnet.com/

Antivirus companies often spot in-dev malware on VirusTotal and while malware operators perform tests, but all signs point to Scranos being a successful malware development effort.

Bitdefender said it spotted cases where the malware has been used to install rogue extensions in users’ browsers and to subscribe thousands of users to specific YouTube channels.

Scranos, the rootkit-backdoor-infostealer-adware

Whoever is behind Scranos is dead set on creating a powerful new malware strain, according to Bitdefender’s team.

“This operation is constantly evolving, as demonstrated by the fact that its developers build in new functionalities rather than rely on
external tools that may be detected as malicious,” researchers said.

It’s hard to classify Scranos as a particular threat. It contains the features usually found in backdoor trojans, infostealers, and in adware families.

However, regardless of the active modules that have been downloaded and installed on a victim’s computer, the most crucial one that needs to be removed with the highest priority is Scranos’ rootkit.

Luckily, the Bitdefender report contains detailed step-by-step removal instructions for any users to follow.

Related malware and cybercrime coverage:

Credit: Source link

Previous Post

Machine Learning, Fake News and Cybersecurity: 10 Cornell Faculty Members Win Google Faculty Research Awards

Next Post

10 Algorithms Every Machine Learning Enthusiast Should Know

Related Posts

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021

February 26, 2021
Facebook bans Myanmar military-controlled accounts from its platforms
Internet Security

Facebook bans Myanmar military-controlled accounts from its platforms

February 25, 2021
Cloud, data amongst APAC digital skills most needed
Internet Security

Cloud, data amongst APAC digital skills most needed

February 25, 2021
Ukraine reports cyber-attack on government document management system
Internet Security

Ukraine reports cyber-attack on government document management system

February 25, 2021
More than 6,700 VMware servers exposed online and vulnerable to major new bug
Internet Security

More than 6,700 VMware servers exposed online and vulnerable to major new bug

February 25, 2021
Next Post
10 Algorithms Every Machine Learning Enthusiast Should Know

10 Algorithms Every Machine Learning Enthusiast Should Know

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021

February 26, 2021
Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations
Internet Privacy

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

February 25, 2021
DataStax Astra goes serverless | ZDNet
Big Data

DataStax Astra goes serverless | ZDNet

February 25, 2021
Tesla Working on Full Self-Driving Mode, Extending AI Lead 
Artificial Intelligence

Tesla Working on Full Self-Driving Mode, Extending AI Lead 

February 25, 2021
Cloudera aims to fast track enterprise machine learning use cases with Applied ML Prototypes
Machine Learning

Cloudera aims to fast track enterprise machine learning use cases with Applied ML Prototypes

February 25, 2021
Facebook bans Myanmar military-controlled accounts from its platforms
Internet Security

Facebook bans Myanmar military-controlled accounts from its platforms

February 25, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021 February 26, 2021
  • Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations February 25, 2021
  • DataStax Astra goes serverless | ZDNet February 25, 2021
  • Tesla Working on Full Self-Driving Mode, Extending AI Lead  February 25, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates