Security researchers from Bitdefender discovered a new type of malware that’s unusually sophisticated and scary.
Dubbed “Scranos”, this malware infects a computer through compromised downloads that pose as video playing or e-book reading apps. Because it’s digitally signed, it can slip by security software.
Then, once it’s in, the rootkit communicates with hacker-controlled servers in order to download even more malicious code that can do damage on multiple fronts.
In one case, the Scranos malware can burrow into browsers like Chrome, Firefox or Edge to try to steal Facebook, YouTube, Amazon, and Airbnb accounts.
According to the researchers, the Scranos malware opens Chrome in debugging mode, then hides the browser window so the user can’t see it on the desktop or the taskbar. Then, it opens YouTube to subscribe to channels and click ads.
“They are looking at advertising fraud by consuming ads on their publisher channels invisibly in order to pocket the profit. They are growing accounts that they have been paid to grow and helping inflate an audience so they can grow specific ‘influencer’ accounts,” said Bogdan Botezatu, director of threat research and reporting at Bitdefender.
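Defenders can hunt for the Chrome debugging-mode launch described above in process-creation telemetry. The sketch below is an added example, not code from Bitdefender's report: it assumes "debugging mode" means Chrome's `--remote-debugging-port` / `--remote-debugging-pipe` switches, and the events, the parent allowlist and the function name are constructed for illustration.

```python
import ntpath
import re

BROWSERS = {"chrome.exe", "msedge.exe"}
# Assumed allowlist of parents that legitimately drive a browser over the
# debugging protocol (test automation, IDEs); tune for your environment.
EXPECTED_PARENTS = {"chromedriver.exe", "msedgedriver.exe", "node.exe", "code.exe"}
DEBUG_FLAG = re.compile(r"--remote-debugging-(?:port|pipe)(?:=(\d+))?", re.I)

# Constructed process-creation events (Sysmon Event ID 1 field names); not real telemetry.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"ProcessId": 2100, "Image": CHROME, "CommandLine": "chrome.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 3008, "Image": CHROME,
     "CommandLine": "chrome.exe --remote-debugging-port=9515 about:blank",
     "ParentImage": r"C:\tools\chromedriver.exe"},
    {"ProcessId": 4312, "Image": CHROME,
     "CommandLine": "chrome.exe --remote-debugging-port=9222",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\player_setup.exe"},
    {"ProcessId": 4340, "Image": CHROME,
     "CommandLine": "chrome.exe --type=renderer --remote-debugging-port=9222",
     "ParentImage": CHROME},
]

def find_debug_browser_launches(events):
    """Return browser launches with remote debugging enabled by an unexpected parent."""
    findings = []
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() not in BROWSERS:
            continue
        cmd = ev["CommandLine"]
        if "--type=" in cmd:  # renderer/GPU/utility child of the browser, not the launch
            continue
        match = DEBUG_FLAG.search(cmd)
        if not match:
            continue
        parent = ntpath.basename(ev["ParentImage"]).lower()
        if parent in EXPECTED_PARENTS:
            continue
        port = int(match.group(1)) if match.group(1) else None
        findings.append({"pid": ev["ProcessId"], "parent": parent, "port": port})
    return findings

if __name__ == "__main__":
    for hit in find_debug_browser_launches(SAMPLE_EVENTS):
        print("suspicious debug-mode browser launch:", hit)
```

The hidden window itself does not show up in command-line telemetry, so the unexpected parent process is the main signal in this check.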
In other attacks, the Scranos malware stole data from Steam accounts, ran rogue Chrome extensions and collected users’ browsing histories, potentially exposing them to blackmail down the line.
It is also capable of hijacking a user’s Facebook to send phishing messages to their contacts list.
A malware with rootkit capabilities which originated in China, Scranos was described by cybersecurity vendor Bitdefender as a “work in progress, with many components in the early stage of development.” The company notes that, while Scranos is not yet widespread, the infection was spotted on all known Windows versions.
Because it’s a new, evolving threat, Scranos could theoretically bypass security software. In that case, Bitdefender researchers provided users with a step-by-step guide to remove
You can read more and find the guide here.