Scranos

By GoldSparrow in Rootkits

Scranos is a malware threat that is used to collect data. PC security researchers have observed that Scranos has rootkit capabilities, making it difficult to remove or deal with. However, considering the sophisticated nature of Scranos, it is surprising that it is used mainly to increase ad revenue on YouTube and artificially inflate subscriber numbers.

The Rootkit Capabilities of Scranos

The Scranos infection has rootkit capabilities. This means that Scranos infects a computer at a profound level, not limited to the infected computer's operating system, that it remains on the infected computer even after a restart, and that it can only be removed with specific malware tools that have anti-rootkit capabilities. Scranos was studied only in spring 2019 and seems to have first originated in November 2018. Criminals monetize Scranos through online advertisements, although it is possible to monetize these threats in a variety of ways. It seems that, apart from attempting to generate ad revenue, the criminals are also attempting to use Scranos to build a botnet, a large network of infected computers that can be controlled to carry out coordinated attacks.

Tracking Down the Scranos Infection

Scranos was generally delivered to victims by posing as other files online, for example as a video player or a cracked video game. Once the victim opens the file, the malware is installed. Scranos uses forged certificates to take over a computer and trick Windows into allowing Scranos to be installed. Once installed, Scranos uses its rootkit capabilities to establish itself on the victim's computer and connects to its Command and Control server, making the computer part of a botnet of infected devices. So far, this botnet has been used to open YouTube videos in mute mode, hiding the Web browser window so that computer users don't notice, and to subscribe to the video's channel.

How Criminals Monetize the Scranos Infection

So far, Scranos has been observed to promote four specific online videos, as well as several different YouTube channels. Essentially, Scranos uses victims' computers as fake viewers and subscribers, allowing the criminals to monetize the videos by inflating their views and subscriptions. It is possible that the services of the criminals responsible for Scranos are being paid for by YouTube users attempting to increase the reach of their videos, or that there is a connection between the video content producers and Scranos' creators. Apart from monetizing YouTube videos, Scranos is also capable of using social media to spread to other victims. If the victim's computer is logged into Facebook, Scranos will attempt to send phishing messages to the victim's Facebook contacts and, if on an Android device, Scranos will try to send an Android adware application using Facebook Messenger. Scranos will try to do similar things via Instagram and other social media platforms. Scranos will also inject adware into Web browsers and even attempt to collect login information for various online accounts, such as Steam.

Mapping the Extent of the Scranos Attacks

Studying the Scranos threat, malware researchers have determined that there are already several thousand devices infected with the Scranos malware. Scranos is particularly sophisticated, and it does pose a real threat to computer users. While the Scranos campaign and infections are relatively contained at this point, there is no reason to believe that Scranos will not continue to spread and possibly grow drastically, spawning larger malware attacks and a wide variety of copycat malware attempting to monetize their attacks in the same way.
