New Rietspoof malware going viral on Skype and Messenger

Researchers from security firm Avast recently found one new malicious program known as Rietspoof which's presently infecting and making victims through Skype and Fecebook Messenger the instant messaging platforms.

A fresh malware group, Rietspoof delivers multiple payloads through a number of stages onto computers it infects. Moreover, no information or little of it is available regarding the type of audience it attacks. The primary role of Rietspoof involves infecting PCs, maintaining stubborn presence on the contaminated hosts, followed with installing other malicious programs based on the instructions issued to it from its command-and-control infrastructure.

A complete assessment about a Rietspoof sample is available from MalwareHunterTeam. The team carried out the analysis utilizing an online platform called Automated Hybrid Analysis. Another security investigator conducted an assessment of Rietspoof's installer utilizing an online service known as SEKOIA Dropper Analysis.

Four researchers from Avast namely Lukas Obrdlik, Adolf Streda, Jan Sirmer and Luigino Camastra state that their data indicates that Rietspoof's payload delivered through the first phase relied on Messenger or Skype. Subsequently, in the second phase, the malware dropped an extremely obfuscated VBS or Visual Basic Script wherein the stage is hard-coded as well as encrypted for one CAB file, an executable. This executable carries a digital signature from an authorized signatory, primarily utilizing Comodo CA. In the fourth phase, the .exe file plants one downloader. www.bleepingcomputer.com posted this, February 18, 2019. But prior to reaching the 3rd and 4th phases, the Rietspoof malware strain acquires persistence with the aid of a technique incorporated into it since January 22. That technique involves appending WindowsUpdate.lnk to Windows rebooting folder that executes one inflated Portable Executable binary following every startup.

The Threat Intelligence Team from Avast made its foremost detection of Rietspoof during 2018 summer. Moreover, the team found over-time the malicious program took onto one fresh CnC server, while imbibed other smaller alterations, suggesting Rietspoof ongoing active development.

Right now, Rietspoof's exact infection, targets and ultimate objective aren't known; however, it's comprehensible that its perpetrators are continuously increasing its speed of deployment and development, introducing fresh features and enhancing the existing strain through new updates daily.

» SPAMfighter News - 2/22/2019