New Multi-Stage Rietspoof Malware Spreading Via Famous Instant Messaging Apps
Social media is an evolving attack vector, which many business organizations are blind to.
Whether it’s blocking targeted phishing attacks, protecting corporate accounts from getting compromised, fighting fraud or defending against scams and impersonating accounts, social media security is critical for modern business success.
Cybersecurity researchers at HTRI have documented a recent malware named ‘Rietspoof’ that is using Facebook messenger and Skype spam to infect host computers.
The popular instant messaging applications are being used to spread this new multi-stage malware, which lets attackers steal personally identifiable information (PII) and login credentials by taking remote control of users' devices.
Rietspoof first reaches a vulnerable system through Facebook Messenger and Skype spam, then establishes persistence on the victim's device, after which it starts downloading further malicious components onto the host.
Once inside the computer, it lets the criminals control the infected host by sending it instructions through command and control (C2) servers.
The primary persistence technique of Rietspoof is to place an LNK (shortcut) file in the Windows Startup folder so that it runs at every logon.
This is a risky step for any new malware, since most anti-virus products know this technique and watch the Startup folder closely.
However, Rietspoof gets past those checks because its components are signed with legitimate code-signing certificates, so the security software treats them as trusted.
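A defender can audit exactly the location this persistence technique relies on. The following PowerShell script is an added example, not code from the article or from the malware: it lists every shortcut in the per-user and all-users Startup folders, resolves the target, and reports its Authenticode status. Because a valid signature is not proof of legitimacy here, it also flags targets that live under the user profile or carry command-line arguments. It assumes Windows PowerShell 5.1 or later and that the standard Startup folder locations are in use.

```powershell
# Added example: audit Startup-folder shortcuts for suspicious persistence.
# Assumes Windows PowerShell 5.1+ and the standard Startup folder locations.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -Filter '*.lnk' -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)
        $target = $lnk.TargetPath
        # Only check the signature if the target actually exists on disk.
        $sig = if ($target -and (Test-Path -LiteralPath $target)) {
            Get-AuthenticodeSignature -FilePath $target
        } else { $null }
        [pscustomobject]@{
            Shortcut            = $_.FullName
            Created             = $_.CreationTime
            Target              = $target
            Arguments           = $lnk.Arguments
            SigStatus           = if ($sig) { $sig.Status } else { 'TargetMissing' }
            Signer              = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            TargetInUserProfile = [bool]($target -and $target -like "$env:USERPROFILE*")
        }
    }
}

# Show everything, then warn on entries that deserve a closer look. A 'Valid'
# signature alone is not a clean bill of health, which is why user-profile
# targets and shortcut arguments are also flagged for review.
$findings | Format-Table -AutoSize
$findings |
    Where-Object { $_.SigStatus -ne 'Valid' -or $_.TargetInUserProfile -or $_.Arguments } |
    ForEach-Object { Write-Warning "Review: $($_.Shortcut) -> $($_.Target) [$($_.SigStatus)]" }
```

Compare the Created timestamp and Signer field against what you expect on the machine; a recently created shortcut pointing at a signed binary under the user profile is the pattern described above.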
Rietspoof uses a multi-stage delivery chain to compromise its targets. Each stage has its own role: one acts as a bot that can download and upload files or payloads and trigger self-destruction, while another communicates with the controlling server to execute commands.
According to the researchers' reports, the first stage is a malicious payload that immediately retrieves the next component: a CAB file.
In the second stage, a script runs the CAB file, which is signed with a valid digital signature; this raises no alerts, because it looks like any ordinary file execution.
The third stage drops the malware that the attackers use to start processes on the compromised machine, download and upload files, and receive updated self-destruct commands.
The fourth and final stage acts as a downloader and attempts to fetch a further, more potent payload onto the compromised system. The attackers behind this campaign are continuously accelerating development and deployment, adding new features and updating the existing components.
Conclusion
Nowadays, attackers have learned to make their malware more adaptable, resilient and destructive than ever before, and no single silver bullet can shield against every cyber risk at once. So what is needed?
First, we must upgrade our cyber defense systems and processes to guard more effectively against botnets and specific application vulnerability attacks, and to respond in a timely and robust manner so that future intrusions are prevented.
Note: We recommend ITL Total Security and Malware Crusher, among the best-reputed anti-malware products, to protect your machines, servers and other IoT devices from Trojans, hijackers, adware and network volumetric attacks.
They come with many useful features, such as an Invalid Registry Cleaner, Real-Time Protection, Web Protection and live updates, to protect your system from all kinds of disruption and keep you safe.
Tips to prevent viruses and malware from infecting your system:
- Enable your pop-up blocker: Pop-ups and ads on websites are one of the most common tactics cybercriminals use to spread malicious programs.
So avoid clicking on dubious sites, software offers and pop-ups, and install a reputable ad blocker for Chrome, Firefox and IE.
- Keep Windows updated: To avoid such infections, keep your system updated through automatic Windows Update. This keeps your device protected against known vulnerabilities; surveys show that outdated or older versions of Windows are an easy target.
- Third-party installers: Avoid freeware download websites, as their installers or stub files usually bundle additional software.
- Regular backups: Regular, periodic backups keep your data safe if the system is infected by a virus or any other malware. Always back up important files regularly to a cloud drive or an external hard drive.
- Always have an Anti-Virus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good Malware Removal Tool like Download Virus RemovalTool