Researchers with Bitdefender are tracking a new sophisticated rootkit-based malware dubbed “Scranos” that is targeting systems in order to steal data. When Scranos was detected in December of 2018, it mainly went after targets in China and other Asian countries. However, the campaign began to spread globally at the end of January and is now infecting computers in India, Romania, Brazil, France, Italy, Indonesia and elsewhere. The researchers believe the initial regional focus of the malware may have been part of a “test phase” because it is easier to infect systems in Asia through unofficial app stores, which are much more popular there than in other parts of the world.
Scranos is distributed as a fake app and is linked to various payloads that allow it to steal sensitive data, including login credentials and payment information. Researchers believe that the authors of the malware are “still in the experimentation stage,” because they are constantly making changes and improvements to the code. It is likely that the threat actors will start to focus more on monetization in the near future, which could take on different forms, such as advertising Scranos to cybercriminal groups or using it for the distribution of ransomware.
Read more: Meet Scranos: New Rootkit-Based Malware Gains Confidence