Reductor infection compromises HTTPS traffic, spies into browser activity

Kaspersky recently detected one fresh malware attack which grabs control of the victims' exchange of messages with HTTPS while makes it possible for the hackers towards loading fake authorization certificates followed with sneaking into browser operations of those victims. The malware is called Reductor which was first detected during 2019 April. It's believed that certain gang called Turla is its controller. According to Kaspersky, Turla is one Russian-speaking gang while the Reductor malware has links with a former Trojan called COMpFun.

The uniqueness about Reductor is that when a victim is conducting communication with a website from his browser, the malware possesses the capability of interfering within the process. www.itproportal.com posted this, October 5, 2019.

Kaspersky's security researchers explain that the Reductor malware is installed onto a target PC through 2 key attack vectors. One, via PCs infected with COMpFun wherein one fresh sample of Reductor is planted. Two, if the target PC pulls down software available on intermediate websites, an attack vector is created.

The software downloader as required comes from Warez online sites that provide pirated software free-of-cost. These installers, originally obtainable on the sites, aren't infected; however, they get loaded onto the victim's computer bundled with malicious program.

As Reductor manages contaminating the PC, it's utilized for spying on whatever victims do inside their browser. This is possible as the malware patches simulated generators of random numbers in the browser - the generators originally tasked with making sure the client's link with the server is kept private and secure.

And as Kaspersky researchers describe Reductor like a malware, which hijacks encrypted communications on the World Wide Web in a fairly impressive manner, its sophistication provides the controllers of the malware capabilities which are rare with other threat actors across the globe. These capabilities extend much more than the regular functions of RATs (remote access Trojans) which one may expect, in particular, the moving over of malevolent content and their execution. By enhancing Reductor's capability of hijacking encrypted HTTPS traffic, which's believed for making web traffic secure, the malware creates opportunity for the attackers towards eavesdropping onto whatever information is released inside the browsers.

» SPAMfighter News - 10/11/2019