Avast security researchers have discovered a new malware called Rietspoof. The malware spreads via instant messaging applications such as Facebook Messenger and Skype.
A report released over the weekend describes the new threat as "multi-stage malware" first detected in August 2018 but ignored until a significant increase in distribution efforts was observed last month.
Rietspoof's main role is to infect victims, and then download more malware, depending on the commands it receives from a central control server (C&C).
Immediately after downloading the malware places an LNK (shortcut) file in the Windows/Startup folder. It is a process that most people follow products protectionς από ιούς, αλλά η Avast αναφέρει ότι το Rietspoof έχει υπογραφεί με νόμιμα πιστοποιητικά, επιτρέποντας στο κακόβουλο λογισμικό να παρακάμπτει ελέγχους security.
The infection consists of four different stages which are described in more detail in the Avast publication here. The actual Rietspoof malware appears in the third stage, while the last stage downloads more powerful malware.
Rietspoof is malware that security researchers call a "dropper" or "downloader", a type of malware designed with the sole purpose of infecting its victims with "something more powerful".
It can download, run, upload and delete files and in case of emergency, it can even delete itself.
Avast says that since addressing this new threat, the malware has changed its C&C communication protocol and made many small changes, leading researchers to believe that it is still in active development.
"Our investigation cannot confirm whether we have uncovered the entire infection chain," researchers said on Saturday.
Rietspoof is the second malware dropper/downloader to become active in recent months. Another is called Vidar, and is used by criminals to distribute ransomware and stealers. A analysis of the Vidar malware is available here.
____________________
