Bitdefender researchers have been raising the alarm since April 16, 2019
They say they have discovered a new piece of malware that is currently wreaking havoc on PCs running Windows. Called "Scranos", the virus first appeared in China before spreading. It infects computers with elaborate techniques that allow it to update itself regularly.
As the researchers explain in their multimedia publication, Scranos spreads as a Trojan horse, hiding in various seemingly harmless software such as video players, e-book readers, and even security utilities and drivers. Once in place, it installs shared libraries that can scan browser cookies and retrieve a lot of sensitive information, including account credentials, codes, and passwords from various online services like Facebook, Amazon, YouTube or Airbnb.
According to the experts, this newly discovered virus "disables the real-time protection of Windows Defender installed by default with Windows, so as to go unnoticed." "Scranos then moves on to the next step by installing a rootkit disguised as a signature-authenticated graphics driver on behalf of a Chinese company (Yun Yu Shanghai Health Management Consulting), a module that modifies the Windows registry so that it automatically activates each time you start the computer without being detected," the report reads.
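The two behaviours quoted above can be checked on a suspect machine with built-in Windows cmdlets. The script below is an added example, not taken from Bitdefender's publication; the helper names `Resolve-DriverPath` and `Test-SignerMatch` are hypothetical, and the signer words are an assumption based on the company name as this article gives it.

```powershell
# Added triage sketch, not from Bitdefender's report. Run elevated on Windows 10+.
# Assumption: the signer subject contains these words, taken from the company
# name as this article spells it; the real certificate subject may differ.
$SignerWords = @('Yun Yu', 'Health Management Consulting')

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver reports paths in several forms; normalise to a file path.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Test-SignerMatch {
    param([string]$Subject)
    foreach ($w in $SignerWords) {
        if ($Subject -notlike "*$w*") { return $false }
    }
    return $true
}

# 1. Has Defender real-time protection been switched off?
$mp = Get-MpComputerStatus
if (-not $mp.RealTimeProtectionEnabled) {
    Write-Warning 'Windows Defender real-time protection is disabled.'
}

# 2. Is any registered kernel driver signed in the name of that company?
$findings = foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
    if (-not $d.PathName) { continue }
    $path = Resolve-DriverPath $d.PathName
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    if (Test-SignerMatch $subject) {
        [pscustomobject]@{
            Name = $d.Name; StartMode = $d.StartMode; State = $d.State
            Path = $path; Signer = $subject
        }
    }
}
$findings | Format-List
```

An empty result does not clear the machine: a loaded rootkit can hide its driver from enumeration, so follow up with an offline scan.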
The full extent of the damage caused by Scranos is not yet known. It seems, however, that its creators are already using it on a massive scale to build a network of "slave PCs" (a botnet) that generates fake clicks on advertisements displayed in YouTube channels, a way to make their misdeeds profitable. The researchers report in their publication that Scranos is constantly evolving, through a module that continually updates it and allows it to download other malicious components.
One of them would be used to send malicious applications via Facebook to the friends of its victims. Another would install browser extensions to inject advertisements or force certain pages to open. The experts at Bitdefender believe that every user should update their antivirus and run a scan as soon as possible.