Re: Wildbilly post# 274822

Friday, 10/11/2019 8:52:27 AM

Post# of 285888
Just when you thought it was safe to get back in the water:
New Malware Infects Legit Downloads On the Fly

"A new piece of malware can intercept Internet traffic to spot people downloading legitimate installation files and replace them with "infected" copies. Security company Kaspersky went as far as calling it "impressive" from a technical, if not moral standpoint.
Kaspersky has dubbed the malware "Reductor," after a term that appears in some of the code. It discovered the malware in April 2019, so the fact it's only just going public suggests it took some serious analysis. (Source: securelist.com)

The malware's operation is exceedingly complicated, but once a machine is infected with it, the general principle involves the creators having analyzed the code that makes the Firefox and Chrome browsers operate. That let them figure out a way to predict the supposedly random numbers used while encrypting web traffic.
Web Certificates Manipulated

As a result, they are able to decode encrypted web traffic without having to intercept or manipulate it in a way that could easily arouse attention. In turn, the creators are able to install bogus security certificates on the browser that appear genuine.

Kaspersky believes the malware creators are using these powers to spot people who have just downloaded legitimate installation files for software. They are then able to immediately replace the legitimate files with bogus copies that are actually infected with malware.

That undermines a key computer security tactic of checking security certificates to make sure downloaded files are indeed from the source they claim to come from.
Russia And Belarus Targeted

Kaspersky told The Register that "We haven't seen malware developers interacting with browser encryption in this way before. It is elegant in a way and allowed attackers to stay well under the radar for a long time." (Source: theregister.co.uk)

The good news for Westerners (at least) is that the malware appears to be specifically targeted at users in Russia and Belarus. The level of sophistication implies that the malware creators have significant professional support, possibly from a government. The risk is that their techniques will likely be adopted by cyber criminals who go after the wider public.

For now, it doesn't appear there's any immediate action users need to take. However, it's a reminder that using a range of cyber defenses, including scanning files before download and then again before opening, may be safer than sticking to a single method."

Theo ;-)
