New Scranos rootkit malware pillages passwords and payment accounts

• The malware can extract cookies and steal login credentials from popular browsers such as Google Chrome and Mozilla Firefox.
• It can also compromise payment information present in the users’ Facebook, Amazon and Airbnb accounts.

Security researchers from BitDefender have unearthed a new rootkit malware called Scranos. The malware reportedly steals sensitive information such as users’ login credentials and payment information saved in browsers. On top of stealing sensitive information, Scranos was also found to have other capabilities to achieve other nefarious purposes.

The researchers also suggest that the actors behind the malware were testing new components on infected users, as well as were revamping old components in the malware.

Worth noting

• The malware steals login credentials of users who use well-known browsers such as Google Chrome, Chromium, Mozilla Firefox, Opera, Microsoft Edge, Internet Explorer, Baidu Browser and Yandex Browser.
• Payment information furnished by users on Facebook, Amazon, and Airbnb is also stolen.
• According to the BitDefender researchers, Scranos also has the capability to download and execute any payload on the infected system.
• It can display ads or show muted YouTube videos to users who use Chrome. Some of the droppers also installed Chrome if it was not installed on the victim’s system. Additionally, the malware makes users subscribe to YouTube channels without their knowledge.

Platform for third-party malware

Bogdan Botezatu, Director of Threat Research at BitDefender indicates that Scranos was used as a decoy to deploy third-party malware.

“The motivations are strictly commercial. They seem to be interested in spreading the botnet to consolidate the business by infecting as many devices as possible to perform advertising abuse and to use it as a distribution platform for third-party malware,” he told TechCrunch.