Rietspoof comes with Facebook Messenger & Skype

Avast security researchers have discovered a new malware called Rietspoof. The it spreads through instant messaging apps like Facebook Messenger and Skype.

A report released over the weekend describes the new threat as "multi-stage malware" first detected in August 2018 but ignored until a significant increase in distribution efforts was observed last month.Rietspoof

Rietspoof's main role is to infect victims, and then download more malware, depending on which it receives from a central control (C&C) server.

Immediately after downloading the malware it places an LNK (shortcut) file in the Windows / Startup folder. This is a process that most antivirus products follow, but Avast says Rietspoof has been legally certified, allowing malware to bypass security checks.

The infection consists of four different stages which are described in more detail in the Avast publication here. The actual Rietspoof malware appears in the third stage, while the last stage downloads more powerful malware.

Rietspoof is the malware that security researchers call a “dropper” or “”, is a type of malware designed with the sole purpose of infecting its victims with “something stronger”.

Μπορεί να κατεβάζει, να τρέχει, να ανεβάζει και να διαγράφει αρχεία και σε περίπτωση έκτακτης , μπορεί ακόμα και να διαγράψει τον εαυτό του.

Avast says that since addressing this new threat, the malware has changed its C&C communication protocol and made many small changes, leading researchers to believe that it is still in active development.

“Our investigation cannot confirm whether we have uncovered the entire chain s", researchers said on Saturday.

Rietspoof is the second "dropper / downloader" of malware that has been active in recent months. Another is called Vidar, and is used by criminals to distribute ransomware and stealers. An analysis of the Vidar malware is available here.

____________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.082 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).