Scranos — This data-stealing malware has returned with new attacks and nasty upgraded features

guest · Jun 13, 2019

This data-stealing malware has returned with new attacks and nasty upgraded features
June 13, 2019
https://www.zdnet.com/article/this-...with-new-attacks-and-nasty-upgraded-features/

The group behind a malware campaign targeting both Windows and Android devices in an adware operation across both Europe and the US have altered its attack techniques and added new payloads including a cryptominer and a Trojan in an apparent bid to make more money from infected devices.

The new techniques employed by Scranos have been detailed by cyber security researchers at Bitdefender – who were also responsible for uncovering the malware campaign earlier this year.

"The rapid mobilization of its operators to contain the damage and maintain control of the already infected machines reveals that they were not ready to give up yet," Bogdan Botezatu, Director of Threat Research and Reporting at Bitdefender told ZDNet.
"They came with a novel approach at concealing their malware behind Microsoft executables and they also started spreading new payloads to keep funding going".
A full list of Indicators of Compromise has been detailed in the full Bitdefender analysis of Scranos which is set to be published soon.
Click to expand...

guest · Jun 25, 2019

Scranos Revisited – Rethinking persistence to keep established network alive
June 25, 2019
https://labs.bitdefender.com/2019/0...ersistence-to-keep-established-network-alive/

In April, Bitdefender broke the news of an emerging botnet dubbed Scranos. Originating from China, it has spread across Europe and the United States, snaring Windows and Android devices with advertising fraud and social network manipulation.

Our original report shone a spotlight on Scranos operators and exposed their illicit use of Authenticode certificates, and other actions.
After Bitdefender reached out to Digicert to report the certificate used to sign the rootkit driver for malicious use, the Scranos operators lost their main mechanism to ensure persistence and disguise. When the the Scranos report was published, attackers saw their command and control infrastructure get flagged for malicious activity and shut down.

We kept an eye on the developments in the weeks after the publication and documented how the operators tried to rebuild the botnet and restore functionality.
This led us to identify new components used to generate ad revenue in the background by visiting arbitrary URLs with Google Chrome and to disguise these ads as notifications, generating additional ad revenue at the user’s expense.
Click to expand...

White Paper (PDF - 2.85 MB): https://www.bitdefender.com/files/News/CaseStudies/study/271/Bitdefender-Whitepaper-Scranos-2.pdf

Rasheed187 · Jun 26, 2019

mood said: ↑

Scranos Revisited – Rethinking persistence to keep established network alive
June 25, 2019
https://labs.bitdefender.com/2019/0...ersistence-to-keep-established-network-alive/

White Paper (PDF - 2.85 MB): https://www.bitdefender.com/files/News/CaseStudies/study/271/Bitdefender-Whitepaper-Scranos-2.pdf
Click to expand...

I have read the report, it's quite nifty malware. But still, you should be able to interfere with parts of the attack, by for example monitoring service registration and outbound connections. And the hosts file should always be protected from modification or replacement.

Log in or Sign up

Scranos — This data-stealing malware has returned with new attacks and nasty upgraded features

guest Guest

guest Guest

Rasheed187 Registered Member

Log in or Sign up

Scranos — This data-stealing malware has returned with new attacks and nasty upgraded features

guest Guest

guest Guest

Rasheed187 Registered Member

Useful Searches