Rietspoof comes with Facebook Messenger & Skype

Avast security researchers have discovered a new malware called Rietspoof. The malware spreads through instant messaging applications such as Facebook Messenger and Skype.

A report released over the weekend describes the new threat as "multi-stage malware" first detected in August 2018 but ignored until a significant increase in distribution efforts was observed last month.

Rietspoof's main role is to infect victims, and then download more malware, depending on the commands it receives from a central server (C&C).

Immediately after it is downloaded, the malware installs an LNK file in the Windows/Startup folder. This is a process that most antivirus products monitor, but Avast reports that Rietspoof has been signed with legitimate certificates, allowing the malware to bypass checks.
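Because a valid signature does not make a Startup shortcut trustworthy, a defender can review where each shortcut actually points. The following is an added example, not code from Avast or from the article: it reads the local target path out of each .lnk file in a folder and flags targets under user-writable locations. The `SUSPECT_DIRS` policy, the function names and the sample data are assumptions made for illustration.

```python
import struct
from pathlib import Path

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO = 0x1, 0x2
# Assumed review policy (not from the article): targets under these
# user-writable locations deserve a closer look.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\downloads\\")

def lnk_target(data: bytes):
    """Return the LocalBasePath stored in a Shell Link (.lnk), or None."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                     # end of ShellLinkHeader
    if flags & HAS_ID_LIST:                      # skip LinkTargetIDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & HAS_LINK_INFO:
        return None
    size, _hdr, li_flags, _vol, base_off = struct.unpack_from("<5I", data, pos)
    if not li_flags & 0x1 or not 0 < base_off < size:
        return None                              # no local path recorded
    start = pos + base_off
    end = data.find(b"\0", start, pos + size)
    end = end if end != -1 else pos + size
    return data[start:end].decode("cp1252", "replace")

def audit_startup(folder):
    """Return (shortcut name, target, flagged) for every .lnk in folder."""
    rows = []
    for p in sorted(Path(folder).glob("*.lnk")):
        try:
            target = lnk_target(p.read_bytes())
        except (ValueError, struct.error):
            target = None                        # unparseable: review by hand
        flagged = target is None or any(d in target.lower() for d in SUSPECT_DIRS)
        rows.append((p.name, target, flagged))
    return rows

def build_sample_lnk(target: str) -> bytes:
    """Constructed test data: only the fields lnk_target() reads are filled."""
    header = b"\x4c\0\0\0" + LNK_CLSID + struct.pack("<I", HAS_LINK_INFO) + bytes(52)
    path = target.encode("cp1252") + b"\0"
    info = struct.pack("<7I", 28 + len(path), 28, 0x1, 0, 28, 0, 0)
    return header + info + path
```

On a Windows host, `audit_startup` can be pointed at the per-user Startup folder (`%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup`); shortcuts that store their target only in the ID list come back with target `None` and are flagged for manual review.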

The infection consists of four different stages which are described in more detail in the Avast publication here. The actual Rietspoof malware appears in the third stage, while the last stage downloads more powerful malware.

Rietspoof is malware that security researchers call a "dropper" or "downloader", a type of malware designed with the sole purpose of infecting its victims with "something more powerful".

It can download, run, upload and delete files, and in case of emergency it can even delete itself.

Avast says that since addressing this new threat, the malware has changed its C&C communication protocol and made many small changes, leading researchers to believe that it is still in active development.

"Our investigation cannot confirm whether we have uncovered the entire infection chain," researchers said on Saturday.

Rietspoof is the second "dropper/downloader" malware to become active in recent months. Another one is called Vidar, and it is used by criminals to distribute ransomware and stealers. More on the Vidar malware is available here.

____________________

iGuRu.gr The Best Technology Site in Greece

Written by giorgos