After the global crisis produced by ransomware viruses, designed to irreversibly encrypts data and documents from victim's computers, this year, users of Windows 7 si Windows 10 is dealing with SCRAN.
What is Scranos?
Is a malware rootkit, recently discovered by Bitdefender, able to fure passwords used on different sites or online payment platforms, personal data stored in internet browsers and to automatically subscribe the victim, without realizing, to different channels YouTube or other sites that can bring financial profits to attackers.
According to the security specialists at Bitdefender, Scranos affects all users of Windows 7, Windows 8,1 si Windows 10 which use Internet browsers such as: Chrome, Firefox, Edge, Baidu si Yandex, with the most affected countries being Romania, India, Brazil, France, Italy and Indonesia.
There is evidence that this virus would have been released in 2018 in November, following a stage of development, propagation and consolidation in the first half of this year.
Malware, Scranos, with rootkit features is "deeply" planted in vulnerable Windows computers and gets permanent access to them even after restarting the operating system. These types of rootkits get the highest rank in root (root) and are very hard to detect if users do not good antivirus software and updated to date.
The motives of the attackers are strictly commercial, according to him Bogdan Botezatu, director of research and reporting of computer threats within Bitdefender. Their intentions are to Spread this malware virus on as many computers as possible to make advertising abuses and to propagate the virus further using the victim's computers, he said.
YouTube Channels promoted by attackers managed to raise 3.100 subscribers in one day. From here, we can roughly deduce a large number of infected computers, since the purpose of the virus is to evade authentication and password data from various sites, online stores, online payment platforms, Facebook accounts, and YouTube , etc.
How does Scranos spread and how can you protect it?
Bitdefender has discovered that this malware is hidden behind applications that seem real, reliable, like video players or e-book reader. As the installation and infection rate is higher, Scranos also benefits from a digital signature, obtained fraudulently. The digital signature that allows malware to not be easily blocked by the operating system.
Once the rootkit is installed, it notifies a remote one command and control server to download bad backgrounds into background. In the second stage, hackers inject customized codes able to evade passwords and to remotely command browsers such as: Chrome, Firefox, Edge, Baidu si Yandex. In particular, accounts of Facebook, YouTube, Amazon si Airbnb.
Another component of the virus can send messages with infected or promotional links via Facebook without the user's consent.
Like the first protection measure against Scranos, is that users are very careful about which applications download and especially from where. Even though they seem to be a video player application, music player, e-boot reader, behind an icon and description can hide altogether.
Last but not least, Windows users need to have an up-to-date antivirus installed.
Bitdefender says, there are currently a few tens of thousands of computers infected with the Scranos rootkit, and their number is on the rise.