
Rietspoof malware spreads through Facebook Messenger and Skype

In a report released on Saturday (February 16), Avast researchers described a new strain they call "multi-stage malware". It was first detected in August 2018 but was largely ignored at the time because of its infrequent activity.

When the research team began monitoring the malware, it was being updated only about once a month. Since January 2019, however, the company has seen a marked increase in how often the malware is updated.

According to Avast, the malware is now spreading on a daily basis.

Rietspoof malware

Rietspoof is able to infect victims, gain access to the infected hosts and then download further malware strains, depending on the commands it receives from a command & control (C&C) server.

Persistence is achieved by placing an LNK file in the Windows Startup folder. "This file runs an expanded PE file after startup, to ensure that the executable will run if the machine is rebooted," Avast said.

This is a technique that does not normally go unnoticed, since most antivirus products watch this type of file, but Avast says Rietspoof appears to carry legitimate certificates that allow it to bypass security checks.
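The persistence mechanism described above (an LNK file in the Startup folder pointing at a dropped executable) can be checked without trusting the file's signature, which is the point of the certificate remark. The following is an added example, not code from the article or from Avast: a minimal parser for the Windows Shell Link (MS-SHLLINK) format that recovers the target path and arguments from a .lnk, plus a heuristic that flags Startup entries resolving into user-writable directories or launching a script host with arguments. The heuristic thresholds, the `USER_WRITABLE` and `SCRIPT_HOSTS` lists and the sample links are assumptions constructed for illustration; the samples are built inline by `build_lnk` and are not real Rietspoof artefacts. A valid Authenticode signature on the target is deliberately not treated as a reason to skip an entry.

```python
"""Parse Windows Shell Link (.lnk) files and flag suspicious Startup-folder entries.

Added example, not from the Avast report or the article. The sample .lnk files
are constructed by build_lnk() below, not captured from a real infection.
"""
import struct
from dataclasses import dataclass
from pathlib import Path

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
LINKINFO_HAS_LOCAL_BASE_PATH = 0x01

# Assumed heuristic lists: targets under these trees are writable by the user,
# and these binaries are commonly abused as script hosts by droppers.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}


@dataclass
class ShellLink:
    flags: int = 0
    local_base_path: str = ""
    common_path_suffix: str = ""
    name: str = ""
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""
    icon_location: str = ""

    @property
    def target(self) -> str:
        return self.local_base_path + self.common_path_suffix


def _cstr(buf: bytes, off: int) -> str:
    """Null-terminated ANSI string starting at off."""
    return buf[off:buf.index(b"\0", off)].decode("cp1252", "replace")


def _wstr(buf: bytes, off: int) -> str:
    """Null-terminated UTF-16LE string starting at off."""
    end = off
    while end + 1 < len(buf) and buf[end:end + 2] != b"\0\0":
        end += 2
    return buf[off:end].decode("utf-16-le", "replace")


def parse_lnk(data: bytes) -> ShellLink:
    """Recover target path and StringData from a Shell Link; the PIDL is skipped."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    link = ShellLink(flags=struct.unpack_from("<I", data, 20)[0])
    pos = 76
    if link.flags & HAS_LINK_TARGET_ID_LIST:       # IDListSize (u16) + item ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if link.flags & HAS_LINK_INFO:
        size, hdr, iflags, _, base_off, _, suffix_off = struct.unpack_from("<7I", data, pos)
        info = data[pos:pos + size]                 # LinkInfo offsets are relative to its start
        if iflags & LINKINFO_HAS_LOCAL_BASE_PATH:
            if hdr >= 0x24:                         # optional Unicode offsets present
                base_u, suffix_u = struct.unpack_from("<2I", info, 28)
                link.local_base_path, link.common_path_suffix = _wstr(info, base_u), _wstr(info, suffix_u)
            else:
                link.local_base_path, link.common_path_suffix = _cstr(info, base_off), _cstr(info, suffix_off)
        pos += size
    # StringData: CountCharacters (u16) then that many characters, no terminator
    for flag, attr in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if link.flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if link.flags & IS_UNICODE else 1
            raw = data[pos:pos + width * count]
            setattr(link, attr, raw.decode("utf-16-le" if width == 2 else "cp1252", "replace"))
            pos += width * count
    return link


def suspicious_reasons(link: ShellLink) -> list:
    """Review triggers for a Startup-folder link. Signature status is ignored on purpose."""
    target = link.target.lower()
    exe = target.rsplit("\\", 1)[-1]
    reasons = []
    if any(marker in target for marker in USER_WRITABLE):
        reasons.append(f"target in user-writable location: {link.target}")
    if exe in SCRIPT_HOSTS and link.arguments:
        reasons.append(f"script host {exe} launched with arguments: {link.arguments}")
    return reasons


def scan_startup_folder(folder: str) -> dict:
    """Parse every .lnk in a Startup folder and return {file: reasons} for flagged entries."""
    findings = {}
    for lnk in Path(folder).glob("*.lnk"):
        reasons = suspicious_reasons(parse_lnk(lnk.read_bytes()))
        if reasons:
            findings[str(lnk)] = reasons
    return findings


def build_lnk(target: str, arguments: str = "") -> bytes:
    """Assemble a minimal .lnk pointing at target (constructed test sample, not a real artefact)."""
    flags = HAS_LINK_INFO | IS_UNICODE | (HAS_ARGUMENTS if arguments else 0)
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    volume_id = struct.pack("<IIII", 17, 3, 0x1234ABCD, 0x10) + b"\0"   # fixed drive, empty label
    base_path, suffix = target.encode("cp1252") + b"\0", b"\0"
    base_off = 28 + len(volume_id)
    suffix_off = base_off + len(base_path)
    link_info = struct.pack("<7I", suffix_off + 1, 28, LINKINFO_HAS_LOCAL_BASE_PATH,
                            28, base_off, 0, suffix_off) + volume_id + base_path + suffix
    string_data = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le") if arguments else b""
    return header + link_info + string_data + b"\0\0\0\0"   # TerminalBlock
```

On a live Windows host, point `scan_startup_folder` at both `%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup` and `%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp`. Some legitimate updaters do install into `%LOCALAPPDATA%`, so the output is a review list rather than a verdict; the design choice is that a flagged target is then examined regardless of whether its signature validates.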

Malware has four different stages

The attack on a device proceeds in four distinct stages. The actual malware enters at the third stage, with the fourth and final stage intended to fetch a more damaging and capable payload.

"We observed that the development of this third stage is evolving rapidly, sometimes with two different branches running at the same time. During our analysis, the communication protocol was modified several times and new features were added," Avast said.

Avast described the Rietspoof malware as a "dropper" or "downloader", which behaves much like a Trojan and installs further malware strains.

On its own, its functionality is limited, according to the security researchers. It can download, execute, upload and delete files, and in an emergency it can also delete itself.

Avast argues that there are likely further infection stages that have not yet been discovered.
