“Known as Scranos, the threat has rapidly spread globally, with intense activity in Romania, India, Brazil, France, Italy and Indonesia. Scranos infects the device through apps that appear legitimate, like e-readers, video players, drivers, and security solutions”, Bitdefender representatives say in a press release.
Once installed, Scranos hides itself with the help of a rootkit driver and spies on the victim. This way it can extract data from Google Chrome, Chromium, Mozilla Firefox, Opera, Microsoft Edge, Internet Explorer, Baidu Browser and Yandex.
The threat can also extract payment data from Facebook, Amazon and Airbnb, send friend requests and messages with infected links from the victim’s Facebook account, and subscribe the victim to certain YouTube channels.
“Some of the YouTube channels promoted by the attackers and monitored by Bitdefender have gathered 3,100 subscribers in one day”, according to the press release.
Experts warn that all identified samples confirm that the operations, which started in November 2018, have entered a stage of consolidation.
“The digital signature of the driver that masks the Scranos attack is issued for Yun Yu Health Management Consulting (Shanghai) Co., Ltd, and has been revoked for suspicious fraud activity.”
To avoid the attack, users should download and install only licensed apps, use an advanced security solution and always update their operating systems and all the programs they use, Bitdefender recommends.