The big picture
Reductor is a new malware strain documented by researchers at Kaspersky Lab.
The malware doesn’t carry out man-in-the-middle attacks, it infects the browser itself.
Because of the similarities this malware shares with the COMPfun malware, there is a possibility that Turla is the responsible threat actor.
“The Kaspersky Attribution Engine shows strong code similarities between this family and the COMPfun Trojan. Moreover, further research showed that the original COMpfun Trojan most probably is used as a downloader in one of the distribution schemes. Based on these similarities, we’re quite sure the new malware was developed by the COMPfun authors,” says the research.
According to researchers, victims of this campaign align with that of Turla threat group’s interests.