Geeks for your information News Privacy & Security News v
Scranos Operation Uses Signed Rootkit to Steal Login and Payment Info
Scranos Operation Uses Signed Rootkit to Steal Login and Payment Info
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Exclamation  16 April 19, 13:54
Quote:A digitally-signed rootkit is used in wide-reaching malicious activities aimed at stealing login credentials, payment information, and browsing history, spam social network users, and adware activity.
 
Dubbed Scranos by researchers, the rootkit poses as a video driver. Once installed, it can download any payload its operator chooses. The targets range from popular browsers Chrome, Chromium, Firefox, Opera, Edge, Internet Explorer, Baidu, and Yandex to services from Facebook, Amazon, Airbnb, Steam, and Youtube.

The certificate used for signing the rootkit, likely stolen, is a DigiCert issue for Yun Yu Health Management Consulting (Shanghai) Co., Ltd., a company that is not involved in software development. At the moment, the certificate is still valid, BleepingComputer was told.

SOURCE: https://www.bleepingcomputer.com/news/se...ment-info/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
K-Lite Codec Pack 19.3.5 / 19.3.6 Update
Changes in 19.3.6:...harlan4096 — 11:55
AVG 25.12.10659
AVG 25.12.10659: ...harlan4096 — 11:54
Avast 25.12.10659
Avast 25.12.10659:...harlan4096 — 11:53
Microsoft Edge 143.0.3650.80
Version 143.0.3650...harlan4096 — 11:52
Audacity 3.7.7
Audacity 3.7.7 ...harlan4096 — 11:50

[-]
Birthdays
Today's Birthdays
avatar (41)Enlargedterrestrial20
Upcoming Birthdays
avatar (43)ivyhuv

[-]
Online Staff
Cygi's profile Cygi

>