Hacking

Scranos: A New Malware After Your Account Credentials

While surfing the internet, you must have clicked on “Accept” button under a statement saying “Enable Cookies for This Site” or something of this sort. You might have accessed another site via an advertisement link. These are the few activities that leave traces of our information on the web. Our surfing preferences, name, maybe our location as well. And now a new malware has emerged that is targeting these traces and the minute user details associated with it, which are out there on these sites with our permission to hijack our accounts.

Image Source: TechCrunch

Scranos, a new rootkit malware has been discovered by Bitdefender, Romanian cybersecurity and antimalware software developer company. This new malware has been discovered to have abilities that allow it to access virtual control of the hijacked system and inject that system with malware and target your snatched information for abuse. Read how this malware is up to the researcher’s nose.

Also Read: How MacOS Deal With Malware

What is Scranos?

Image Source: TechRepublic

Romanian organization, Bitdefender, via its Cyber Threat Intelligence Lab started research in November last year, that was dedicated to analyzing the potential threats of a newly discovered password-stealing malware operation. That malware had initially targeted Chinese businesses, however, it has recently spread wings and has now infected home systems and organizational networks. Scranos has now infected systems in more than ten nations and has been prevailing heavily in India, as per Bitdefender’s official report on the malware.

Scranos, which apparently is being improved continuously by its anonymous developers, has a range of attacking abilities, which may leave the best of system securities and antimalware software vulnerable.

How Scranos Work?

Scranos uses rootkit software, which is installed in the target’s system to gain its control and steal users’ important accounts’ passwords and even financial login details.

Now, what’s a rootkit?

Image: Digital Technology

A rootkit is a software that provides administrative control of the target’s system to the hackers. This software can be injected by prompting the user to download an application, which contains the rootkit in it. The application, technically known as the dropper file, downloads the rootkit in the background, and unbeknownst to the user access its files, folders, and all the web activities.

Image: TechWorld

This is how Scranos is injected into a system. Scranos has been using an application, which is digitally signed using a fake or compromised certification. This application drops the rootkit in the targeted system in a manner that system administrators are unable to detect it. Once installed, the rootkit then communicates with the server used by the attackers to execute further malicious activities by delivering trojan payloads.

 How Scranos Use to Steal Passwords and Other Information?

Image Source: Emerging EdTech

It targets all sorts of browsers that your system supports, including the widely used ones such as Chrome, MS-Edge, and Firefox. These browsers have saved cookies from the sites we explore on the web. The cookies can offer information such as names, site preferences, browser history, and user’s location. Such information allows sites to smoothen your site visits and experience. Scranos scrutinizes the browsers to obtain this information, steal saved passwords, and gain login credentials to your online banking portals.

How We as Users Makes it Easier for Scranos?

Image Source: Vector Stock

For one, we hardly log out from our personal computers and we hardly take the load to delete browser history. A lot of us save passwords as well to enable direct logins and even save card details on payment gateways to enable easier payment modes. The social media accounts on our computers are mostly logged in the entire time.

This way, it becomes a piece of cake for the attackers to steal our passwords and financial account logins, as well as misuse our social media profiles via identity theft and information abuse.

What Scranos Is Capable of?

Once in, Scranos can do all sorts of malicious activities that would largely impact both identity and associated information of any home user or organization, along with jeopardizing their financial accounts.

  • From the information stolen from the browser history and hijacked social media profiles, Scranos can help attackers commit fraud and online crime in your name.
  • Scranos can misuse users’ financial accounts by stealing their login credentials and enable fraudulent transactions.
Image Source: TechTheLead
  • Once Scranos offers admin control to attackers, it can help them inject the targeted system with more malicious payloads and malware.
Image Source: Malwarebytes
  • Scranos can also inject adware extensions, which would further increase your systems’ vulnerability to cyber-attacks.
  • It can target a victim’s friends from Facebook and other social media profiles by sending them phishing messages and rootkit application to increase its reach.
Image: HackerCombat
  • Furthermore, it can hijack your YouTube account to promote malicious adware campaigns for further commercial gains.

Discoverers’ Comments

Image Source: Olhar Digital

In a published report, the researchers at Bitdefender have claimed that Scranos is much more capable of malicious acts in comparison to adware campaigns. Since it’s in early development stage, it hasn’t been able to make a global impact, but it has certainly increased its reach at a fast pace. It is suggested that most targets would be organizations as it seems the attackers wish to use Scranos as ransomware for obtaining money in exchange for regaining of administrative control over the systems. While the research is still on, it has been speculated that Scranos may be disguising a more powerful third-party malware.

What can be Done to Remove Scranos?

As per the report, the first thing to do should be killing the rundl32.exe process in the task manager. Besides this, thorough cleaning of browser history and cookies is also recommended. The report also suggests changing of account passwords and deletion of suspicious browser extensions is also a way to remove the injected code from the system.

Scranos is a new thing in malware trends and its rootkit-based nature is something not very common. Most of the malware attacks are based on malvertising and phishing, however, this seems to change the benchmark. Since tens of thousands of systems are already infected, it’s time that a possible solution to permanently counter Scranos is introduced.

Leave a comment