Security researchers at Avast have discovered a new strain of malware, Rietspoof, currently delivered to victims via instant messaging clients such as Facebook Messenger and Skype.
In a report released over the weekend, the researchers described this new threat as a "multi-stage malware" that was first detected in August 2018 but largely ignored until last month, when its distribution efforts picked up.
The main role of Rietspoof is to infect victims, gain persistence on infected hosts, and then download other types of malware, based on commands received from a central command-and-control server.
The malware achieves persistence by placing an LNK file (shortcut) in the Windows Startup folder. This is noisy, because most antivirus products monitor this location, but according to Avast, Rietspoof is also signed with legitimate certificates, which lets the malware pass security checks.
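A defender-side check for the persistence mechanism described above, added here as an example and not taken from the Avast report: it lists every LNK file in the per-user and all-users Startup folders, resolves each shortcut's target, and reports the target's Authenticode status, signer and SHA-256. Because the report notes that Rietspoof carries a legitimate signature, the script deliberately does not treat a "Valid" status as a clean verdict; the signer subject and hash are there so an analyst can compare them against what is expected on the host.

```powershell
# Added example (not from the Avast write-up): inventory Startup-folder LNK
# persistence and surface signature details of each shortcut target.
# Assumes Windows PowerShell 5.1 or later with the WScript.Shell COM object available.

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

$shell = New-Object -ComObject WScript.Shell

$results = foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Filter '*.lnk' -File | ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)
        $target = $lnk.TargetPath
        $targetExists = $target -and (Test-Path $target)

        # A valid Authenticode signature is NOT proof of benign intent; the
        # report says Rietspoof is signed with legitimate certificates.
        $sig = if ($targetExists) { Get-AuthenticodeSignature -FilePath $target } else { $null }

        [PSCustomObject]@{
            Shortcut  = $_.FullName
            Created   = $_.CreationTime      # recently created shortcuts deserve a closer look
            Target    = $target
            Arguments = $lnk.Arguments
            SigStatus = if ($sig) { $sig.Status } else { 'TargetMissing' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256    = if ($targetExists) { (Get-FileHash -Path $target -Algorithm SHA256).Hash } else { '' }
        }
    }
}

# Newest shortcuts first; feed the hashes into your own allow-list or threat-intel lookup.
$results | Sort-Object Created -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt so the all-users Startup folder is readable, and schedule it (or the equivalent EDR query) so that a new shortcut appearing there triggers a review rather than relying on the signature check alone.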
The infection chain consists of four distinct stages, described in more detail in Avast's write-up. The Rietspoof malware itself is dropped in the third stage, and the last stage downloads a more intrusive and more powerful malware strain.
Rietspoof is what security researchers call a "dropper" or a "downloader", a class of malicious program designed for the sole purpose of infecting victims with "something more powerful".
For this reason, its functionality is also very limited. It can download, execute, upload and delete files and, in case of emergency, it can also delete itself. Nevertheless, these capabilities are more than enough for Rietspoof to do its job.
Avast says that since it began examining this new threat, the malware has changed its C&C communication protocol and undergone other minor changes, which leads the researchers to believe that it is still under active development.
"Our research still does not confirm whether we have discovered the entire chain of infection," researchers said Saturday.
Rietspoof is the second "malware dropper/downloader" to see a resurgence in activity in recent months. The other is called Vidar, a strain of malware that helps various criminal gangs distribute ransomware and password stealers. An analysis of the Vidar malware is available here.