
Friday, 22 February 2019

Rietspoof Malware on the Rise

Rietspoof, a new malware discovered by security researchers, is spreading via instant messaging services such as Facebook Messenger and Skype. Researchers say this new form of malware develops in stages. Rietspoof was first discovered in August of last year but was not taken seriously at the time; an uptick in distribution over the last month has brought it back to everyone's attention.

Rietspoof malware and its role:

The main idea behind Rietspoof is to infect a victim and then persist on the host. It does this so that it can download further malware onto the host device, depending on orders from a central command-and-control (C&C) server.

Rietspoof gains persistence by downloading an LNK file (a Windows shortcut) onto the host computer. This is normally risky territory for malware, as most security and antivirus products know to inspect the folder it is placed in when running scans. But Rietspoof's files carry legitimate certificates, which allows the malware to pass those security scans.
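Because the post's point is that a validly signed file can pass a signature-based scan, a defender checking a Startup-style folder wants to look at what each shortcut would actually launch rather than at who signed it. The following Python script is an added example, not code from the post or from Avast, and it assumes the folder in question is a Windows Startup folder, which the post does not name. The shortcut layout follows the public MS-SHLLINK format; the function names (`parse_lnk`, `triage`, `scan_folder`, `build_lnk`), the interpreter watch-list and the two sample shortcuts are constructed for this illustration.

```python
import os
import struct
from typing import Dict, List, Optional

# Shell Link (.lnk) header constants from the public MS-SHLLINK format.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
# StringData fields appear in this fixed order whenever their flag bit is set.
STRING_FIELDS = [("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION)]
# Interpreters a startup shortcut rarely needs to launch (hypothetical watch-list; tune per environment).
INTERPRETERS = ("powershell", "cmd.exe", "wscript", "cscript", "mshta", "rundll32", "regsvr32")


def parse_lnk(data: bytes) -> Dict[str, object]:
    """Parse the header and StringData of a .lnk file without ever launching it."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 20)[0]
    offset = 76  # fixed-size ShellLinkHeader
    if flags & HAS_LINK_TARGET_ID_LIST:  # skip LinkTargetIDList: 2-byte size, then the IDList
        offset += 2 + struct.unpack_from("<H", data, offset)[0]
    if flags & HAS_LINK_INFO:  # skip LinkInfo: its 4-byte size field includes itself
        offset += struct.unpack_from("<I", data, offset)[0]
    unicode = bool(flags & IS_UNICODE)
    info: Dict[str, object] = {"flags": flags}
    for field, bit in STRING_FIELDS:
        if not flags & bit:
            info[field] = None
            continue
        count = struct.unpack_from("<H", data, offset)[0]  # CountCharacters, no terminator
        offset += 2
        nbytes = count * 2 if unicode else count
        raw = data[offset:offset + nbytes]
        if len(raw) != nbytes:
            raise ValueError(f"truncated StringData in field {field}")
        offset += nbytes
        info[field] = raw.decode("utf-16-le" if unicode else "cp1252")  # cp1252: assumed ANSI code page
    return info


def triage(info: Dict[str, object]) -> List[str]:
    """Defender heuristics on what the shortcut would run; independent of any code signature."""
    target = str(info.get("relative_path") or "").lower()
    args = str(info.get("arguments") or "").lower()
    findings = []
    if any(i in target for i in INTERPRETERS):
        findings.append(f"target is a script interpreter or LOLBin: {info['relative_path']}")
    if any(i in args for i in INTERPRETERS):
        findings.append("arguments hand off to another interpreter")
    if any(k in args for k in ("-enc", "downloadstring", "invoke-expression", "http://", "https://")):
        findings.append("arguments contain encoded or download-style content")
    if len(args) > 200:
        findings.append(f"unusually long argument string ({len(args)} chars)")
    return findings


def scan_folder(folder: str) -> List[Dict[str, object]]:
    """Parse and triage every .lnk in a folder (a Startup folder is the assumed use; caller picks the path)."""
    reports = []
    for name in sorted(os.listdir(folder)):
        if not name.lower().endswith(".lnk"):
            continue
        path = os.path.join(folder, name)
        with open(path, "rb") as fh:
            data = fh.read()
        try:
            info = parse_lnk(data)
        except ValueError as exc:
            reports.append({"file": path, "error": str(exc)})
            continue
        reports.append({"file": path, "info": info, "findings": triage(info)})
    return reports


def build_lnk(relative_path: str, arguments: Optional[str] = None,
              working_dir: Optional[str] = None) -> bytes:
    """Constructed sample .lnk bytes for offline testing (not a shortcut from any real incident)."""
    flags = IS_UNICODE | HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH
    values = {"relative_path": relative_path, "working_dir": working_dir, "arguments": arguments}
    if working_dir is not None:
        flags |= HAS_WORKING_DIR
    if arguments is not None:
        flags |= HAS_ARGUMENTS
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,  # FILE_ATTRIBUTE_ARCHIVE
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)  # times, size, icon index, SW_SHOWNORMAL, hotkey, reserved
    id_list = struct.pack("<H", 2) + b"\x00\x00"  # empty IDList: only the 2-byte TerminalID
    body = b""
    for field, bit in STRING_FIELDS:
        if flags & bit:
            text = values[field]
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + id_list + body + struct.pack("<I", 0)  # ExtraData terminal block


if __name__ == "__main__":
    samples = {  # constructed shortcuts, one plain and one that would start an interpreter
        "benign.lnk": build_lnk("..\\..\\Windows\\notepad.exe"),
        "odd.lnk": build_lnk("..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                             arguments="-WindowStyle Hidden -EncodedCommand QUJDRA=="),
    }
    for fname, blob in samples.items():
        info = parse_lnk(blob)
        print(fname, "->", info["relative_path"], info["arguments"], triage(info) or "no findings")
```

Run `scan_folder` against a real Startup directory to get one report per shortcut; the script only reads bytes, so a shortcut is never resolved or executed during triage, and the findings list is meant to prompt a closer look rather than to stand as a verdict on its own.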

Rietspoof itself operates in four stages. The malware proper is dropped onto the host computer somewhere in the third stage. In the last stage a more serious piece of malware is downloaded, and that final-stage malware can cause serious disruption to the computer.

Rietspoof Malware known as a "dropper" or "downloader":

Rietspoof has come to be known as a "dropper" or "downloader" in the tech world, because it is used to download other, more serious malware onto the computer once it has itself taken root.

Since it is only meant to download a more potent piece of malware, its functionality is also reduced: Rietspoof can only download, execute, upload and delete files, and, in an emergency, delete itself. Even with this limited functionality, however, it can still cause serious damage.

Avast, the researchers who discovered Rietspoof, say that since their discovery the malware has changed its C&C protocol and gone through other modifications, which has led them to believe it is still under development. Avast says it is still not sure it has got to grips with the entirety of the malware.

Rietspoof malware not the only "dropper" on the rise:

"Dropper" or "downloader" malware is on the rise, and Rietspoof is not the only such malware to have developed in recent months. A malware known as Vidar has helped criminals distribute ransomware and has also harvested passwords on their behalf.

Rietspoof downloads itself in stages and offers no information on how it picks its hosts. When it was discovered back in August it was initially thought to be in its early or developmental stages; since then, Rietspoof has really begun to pick up speed.

At present the end goal of Rietspoof, its choice of targets and its exact infection chain remain unknown.