Bitdefender IT security specialists have discovered an aggressive computer threat that hides on the infected device and has access to all personal data.
Called Scranos, the threat is spreading rapidly around the world, with extremely intense activity in Romania, India, Brazil, France, Italy and Indonesia. Scranos infects the user’s device both through seemingly legitimate applications, such as e-readers, video players, drivers, or even security solutions, and through illegally installed programmes, ziare.com reports.
Once installed on the system, Scranos hides itself with a rootkit (a software driver) and can spy on the victim down to the smallest detail. The threat can extract access data from various browsers such as Google Chrome, Chromium, Mozilla Firefox, Opera, Microsoft Edge, Internet Explorer, Baidu Browser, and Yandex, and may extract payment data from Facebook, Amazon and Airbnb. It may also send friend requests and messages with infected links from the victim’s Facebook account, or subscribe to various YouTube channels. Of the YouTube channels promoted by the attackers and monitored by Bitdefender, one gathered more than 3,100 subscribers in one day.
Moreover, Scranos can extract the entire Internet browsing history and may download and execute files for the attackers. Almost two thirds of the victims use the Windows 10 operating system, and a quarter use Windows 7.
All of the identified samples confirm that the operation started in November 2018, with activity peaks in December 2018 and January 2019, and has now entered the consolidation phase.
After March, the attackers’ control servers have begun to disseminate other samples of computer threats, a clear signal that the criminal group’s network is being used by third parties to install infected programmes on the victims’ devices.