Scranos - Rootkit-Enabled Spy | Prevent the Password Stealer

Scranos: A threat to your privacy! Steals Password & pushes Youtube clicks

There’s a piece of the latest news trending recently on one of the rootkits named “Scranos”, and you wouldn't believe that the security researchers have successfully discovered this peculiar new type of malicious malware.

“Scranos” objective is to target a victim’s device and steal their personal information like login id & passwords, and account payment details saved on victim’s browser and also secretly pushes up YouTube subscribers to boost the revenue.

This malware/ virus specifically “Scranos,” impacts the machine using it’s rootkit capabilities by hiding among the system files to gain persistent access; regardless of how many times the system was restarted.

After the recent analysis on Scrnos by Bitdefender, they revealed that this dangerous rootkit has shot up the number of its infections in the months after it was first recognized in November.

The director of threat research and reporting at Bitdefender, Bogdan Botezatu in his email stated that “The motivations are strictly commercial,” and also added that “They seem to be interested in spreading the botnet to consolidate the business by infecting as many devices as possible to perform advertising abuse and to use it as a distribution platform for third-party malware.”

Bitdefender discovered that this malware spreads via infected downloads that disguise as genuine apps like e-book readers and video players.

Also Read: 20 Best and Free Offline Games for Android & iPhone (No Wi-Fi Needed)

The fraud apps are digitally signed probably from any deceitfully generated documents or certificate to prevent getting hindered by the Computer.

Botezatu said “By adopting this method, the hackers are much more likely to infect victims,” instantly after taking over the system, the rootkit takes clutch to maintain its presence. It then sends a message to its Control and Command Center to download other malicious files.

A number of the multiple essential components transmitted with malicious content can result in the following issues:

• It extracts cookies and hijacks login credentials from the commonly used browsers i.e., Google Chrome, Opera, Mozilla Firefox, Microsoft Edge, Baidu Browser, Internet Explorer, Chromium, and Yandex Browser.

• It steals payment accounts of the victims from their accounts like Facebook, Amazon, and Airbnb webpages.

• It can also send friend requests from the user’s social media accounts like Facebook to fetch private details of other users.

• It also sends phishing messages to the victims over Facebook that might contain malicious APKs which can also be used to affect Android users.

• It inserts malicious JavaScript to install adware & extensions through the most common browsers like Internet Explorer, Chrome, Firefox, and Opera.

• We found some droppers that can install Chrome if not installed on the victim’s computer. They silently display ads or muted YouTube videos to users via Chrome to generate revenue for the malware developers.

• Subscribes users to their YouTube channels; to download and execute any payload.

Botezatu said “This threat is an extremely complicated one which took a lot of time and effort to set-up,”

The researchers believe that at least botnet has tens of thousands of devices already hooked with this virus.

He concluded with “Rootkit-based malware exhibits an unusual grade of sophistication and dedication,”

Tips to Prevent virus and malware from Infecting Your System: