// Hacking NEWS // A New Sophisticated Malware Is Conquering the World

4 months ago

Distributed as a Trojan horse, Scranos is an impressive modular platform: data theft, online account hijacking, ad injection, and more.


A new, elaborate and worrying piece of malware has just appeared on the radar of the security researchers at Bitdefender Labs. Called "Scranos", it spreads disguised as a wide variety of Windows software: video players, e-book readers, "security" software, drivers, and so on. Initially, this malware was distributed only in China, but for the past few months it has been spreading around the world.

Once installed, the Trojan first deploys a series of DLL files that collect cookies from browsers and steal the login credentials of Facebook, Amazon, YouTube and Airbnb accounts. It then disables Windows Defender Real-Time Protection. One can never be too careful.


Before deleting itself, it finally installs a rootkit in the form of a video driver. The driver is signed with a certificate issued to Yun Yu Health Management Consulting Shanghai, which was probably stolen.

Before each shutdown of the infected machine, this driver saves its data to a file and schedules its own reactivation in the Windows registry, so that at the next boot it automatically resumes its work. Convenient.
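The three behaviours just described (real-time protection switched off, an autostart entry in the registry, a driver signed under the name quoted above) are each visible from a defender's side. The following read-only triage script is an added example, not code from the article or from Bitdefender Labs. It assumes a Windows host with the Defender PowerShell module available; the Run keys it dumps are the usual autostart locations and are an assumption, since the article does not name the registry key Scranos uses, and the signer string is the company name quoted in the article.

```powershell
# Added example (not the article's or Bitdefender's code): read-only triage for the
# behaviours described above. Assumes the Defender PowerShell module is present.

function Get-ScranosTriage {
    $findings = @()

    # 1. Has Windows Defender real-time protection been switched off?
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $pref   = Get-MpPreference   -ErrorAction SilentlyContinue
    if ($null -eq $status) {
        $findings += 'Defender status unavailable (module missing or service stopped)'
    } elseif (-not $status.RealTimeProtectionEnabled -or $pref.DisableRealtimeMonitoring) {
        $findings += 'Defender real-time protection is DISABLED'
    }

    # 2. Autostart entries: list the common Run/RunOnce keys for review.
    #    (Assumed locations; the article does not name the key the malware writes.)
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = (Get-ItemProperty -Path $key).PSObject.Properties |
                 Where-Object { $_.Name -notmatch '^PS' }   # drop provider metadata
        foreach ($p in $props) {
            $findings += ('Autostart {0}\{1} = {2}' -f $key, $p.Name, $p.Value)
        }
    }

    # 3. Driver files whose Authenticode signer subject contains the name quoted in the article.
    $suspectSigner = 'Yun Yu Health Management Consulting'
    $drivers = Get-ChildItem "$env:SystemRoot\System32\drivers" -Filter *.sys -ErrorAction SilentlyContinue
    foreach ($drv in $drivers) {
        $sig = Get-AuthenticodeSignature -FilePath $drv.FullName
        if ($sig.SignerCertificate -and $sig.SignerCertificate.Subject -like "*$suspectSigner*") {
            $findings += ('Driver signed by "{0}": {1} (signature status: {2})' -f
                          $suspectSigner, $drv.FullName, $sig.Status)
        }
    }

    return $findings
}

# Usage: run from an elevated PowerShell prompt and review every line printed.
Get-ScranosTriage | ForEach-Object { Write-Output $_ }
```

The Run-key listing is deliberately not filtered: an autostart entry pointing at a freshly dropped file in a user-writable directory is the thing to look for, and that judgement is better made by a person than by a pattern. Note that a valid signature status on a matching driver is exactly what a stolen certificate produces, so the signer name, not the status, is the signal here.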

The rootkit is Scranos's true masterpiece: it can inject a "downloader" into a legitimate Windows process which, as its name suggests, fetches further malicious modules. This opens the door to a wide range of hacking and scams. One module, for example, spreads hacked Android applications among the victim's Facebook friends. Another specializes in stealing Steam credentials.

It can also install browser extensions that force certain pages to open or change the default search engine. JavaScript ad injection and automatic subscription to YouTube accounts are also part of the catalogue.


In short, Scranos is a rather well-crafted cybercriminal platform from which many different operations can be launched. The developers of this malware seem particularly active and are constantly testing new modules on the thousands of PCs they have infected so far. (I must acknowledge the ingenuity of its creator...)

The malicious potential of this new malware is therefore considerable, and it must be watched closely.

Source: Bitdefender Labs

Stay Informed, Stay Safe