Researchers from Kaspersky have reported a new malware family that intrudes on HTTPS traffic by controlling the web browser's random number generator, which the browser uses while setting up an encrypted connection between the user and a web page. It was discovered in April 2019 and managed to bypass HTTPS protections.
Thought to be connected to the espionage-focused hacking crew known as Turla, the malware has been linked to its predecessor, COMpFun. Together with the rogue certificates it installs, it allows its operators to track a user's activity. The infection also provides a delivery path for other malware installers, which then appear to be legitimate software.
Although the "S" in HTTPS stands for "Secure", this does not mean that browser users are entirely safe, because highly skilled attackers are still capable of sneaking through the process. Reductor is a tool created for spying on diplomatic institutions in CIS nations, mainly by monitoring their employees' internet traffic.
Kaspersky noted that, aside from RAT functions such as uploading, downloading and executing files, Reductor's developers put a great deal of effort into manipulating digital certificates and marking outbound TLS traffic with unique host-related identifiers.
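The marking described above has a defender-visible side effect: if a host identifier is embedded in the 32-byte client_random of every TLS handshake, some part of that field stops being random and recurs across sessions from the same machine. The following is an added example, not Kaspersky's code or anything from Reductor itself: it parses TLS ClientHello records, pulls out the client_random, and flags a prefix that recurs across sessions. The prefix length (4 bytes), the threshold (3 sessions), the marker value and the `build_client_hello` fixture are all assumptions made for this example; the page does not say what Reductor actually encodes or where in the field it sits.

```python
"""Added example: extract the client_random from TLS ClientHello records and
flag a random prefix that recurs across sessions. With a correct CSPRNG a
repeated 4-byte prefix across a handful of sessions is essentially impossible,
so recurrence is the observable trace of an identifier embedded in the field."""
import random
import struct
from collections import Counter

RANDOM_LEN = 32


def parse_client_hello(record: bytes) -> dict:
    """Parse a raw TLS record carrying a ClientHello (RFC 5246 layout) and
    return client_version, client_random and session_id. Raises ValueError
    on anything that is not a well-formed ClientHello."""
    if len(record) < 5 or record[0] != 0x16:          # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    if len(body) < 4 or body[0] != 0x01:              # 0x01 = client_hello
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or len(hello) < 2 + RANDOM_LEN + 1:
        raise ValueError("truncated ClientHello")
    (client_version,) = struct.unpack("!H", hello[0:2])
    client_random = hello[2:2 + RANDOM_LEN]
    sid_len = hello[2 + RANDOM_LEN]
    sid_start = 3 + RANDOM_LEN
    session_id = hello[sid_start:sid_start + sid_len]
    if len(session_id) != sid_len:
        raise ValueError("truncated session_id")
    return {"client_version": client_version,
            "client_random": client_random,
            "session_id": session_id}


def build_client_hello(client_random: bytes) -> bytes:
    """Constructed test fixture (not captured traffic): a minimal TLS 1.2
    ClientHello carrying the given 32-byte random, an empty session id,
    one cipher suite and an empty extensions block."""
    if len(client_random) != RANDOM_LEN:
        raise ValueError("client_random must be 32 bytes")
    cipher_suites = b"\x00\x02" + b"\xc0\x2f"   # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    compression = b"\x01\x00"                   # one compression method: null
    extensions = b"\x00\x00"                    # zero-length extensions block
    hello = b"\x03\x03" + client_random + b"\x00" + cipher_suites + compression + extensions
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def find_recurring_prefixes(records, prefix_len=4, threshold=3) -> dict:
    """Count sessions per client_random prefix and return the prefixes seen at
    least `threshold` times. prefix_len and threshold are assumptions for this
    example; the real layout of Reductor's marker is not stated on this page."""
    seen = Counter()
    for rec in records:
        seen[parse_client_hello(rec)["client_random"][:prefix_len]] += 1
    return {prefix: n for prefix, n in seen.items() if n >= threshold}


# Constructed sample traffic: five sessions whose random begins with a fixed
# marker (standing in for an embedded host identifier) and five sessions whose
# randoms come from a seeded generator (standing in for a healthy browser).
CONSTRUCTED_MARKER = b"\x11\x22\x33\x44"
_rng = random.Random(2019)


def _seeded_random(n: int = RANDOM_LEN) -> bytes:
    return _rng.getrandbits(8 * n).to_bytes(n, "big")


SAMPLE_RECORDS = (
    [build_client_hello(CONSTRUCTED_MARKER + _seeded_random(RANDOM_LEN - 4)) for _ in range(5)]
    + [build_client_hello(_seeded_random()) for _ in range(5)]
)


def demo() -> dict:
    """Run the detector over the constructed sample; returns {marker: 5}."""
    return find_recurring_prefixes(SAMPLE_RECORDS)


if __name__ == "__main__":
    for prefix, count in demo().items():
        print(f"client_random prefix {prefix.hex()} recurred in {count} sessions")
```

In practice the records would come from a packet capture or a TLS-aware sensor, and the counter should be keyed per source address so that a prefix recurring from one host is not diluted across the whole network; the check is only meaningful on the first flight of the handshake, since TLS 1.3 and session resumption do not change where client_random sits.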
This ingenious malware tends to arrive through popular software distributions such as WinRAR and Internet Download Manager downloaded from a popular website over HTTP, or its decryptor is distributed through COMpFun's capability to download files onto previously infected hosts.
A member of Kaspersky's Global Research and Analysis Team said they had not seen malware authors interfering with browser encryption in this way before. The attacker has the capability to patch clean software while it is being downloaded from websites to computers. That software came from sites offering free downloads and pirated software.
The original software on the source website is not affected, yet the malware still ends up on the user's computer. In summary, Reductor's authors have some control over the targeted network path and replace the installer while it is being downloaded.
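Because the file on the vendor's site is untouched and only the copy in transit is swapped, the practical defence is to refuse plain-HTTP downloads and to check the received bytes against a hash obtained through an authenticated channel. The following is an added example rather than anything from the page or from Kaspersky; the installer bytes, the "published" hash and the example URLs are all constructed for illustration.

```python
"""Added example: reject an installer that was replaced on the network path by
checking its SHA-256 against a hash published over an authenticated channel,
and refusing plain-HTTP sources in the first place."""
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed sample: the genuine installer bytes and the hash a vendor would
# publish for them (hypothetical; not any real product's hash).
GENUINE_INSTALLER = b"MZ" + b"\x90" * 64 + b"genuine-installer-payload"
PUBLISHED_SHA256 = hashlib.sha256(GENUINE_INSTALLER).hexdigest()

# Constructed sample of what arrives when the installer is swapped in transit:
# same size and same MZ header, different contents.
TAMPERED_INSTALLER = b"MZ" + b"\x90" * 64 + b"tampered-installer-payload"


def download_url_is_acceptable(url: str) -> bool:
    """Accept HTTPS sources only: a plain-HTTP download can be rewritten by
    anyone on the network path, which is how the page describes Reductor's
    installers being delivered."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)


def verify_installer(data: bytes, expected_sha256: str) -> bool:
    """Compare the SHA-256 of the received bytes with the published value using
    a constant-time comparison, so a near-miss cannot be distinguished by timing."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual.lower(), expected_sha256.strip().lower())


def safe_to_run(url: str, data: bytes, expected_sha256: str) -> bool:
    """Both conditions must hold before the installer is executed."""
    return download_url_is_acceptable(url) and verify_installer(data, expected_sha256)


if __name__ == "__main__":
    # Constructed URLs; the .invalid TLD is reserved and never resolves.
    for url, data in [("https://vendor.invalid/setup.exe", GENUINE_INSTALLER),
                      ("https://vendor.invalid/setup.exe", TAMPERED_INSTALLER),
                      ("http://mirror.invalid/setup.exe", GENUINE_INSTALLER)]:
        print(url, "ok" if safe_to_run(url, data, PUBLISHED_SHA256) else "REJECT")
```

The hash only helps if it was fetched from somewhere the on-path attacker cannot rewrite, such as the vendor's HTTPS page or signed release metadata; a hash served over the same HTTP mirror as the binary proves nothing. Where the installer is code-signed, validating that signature is the stronger check, since it does not depend on the user having the right hash at all.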
The reference chart below shows Reductor's features:
The following steps help clean up an infection and reduce the chance of becoming infected:
- Always install Windows updates for your system, browsers and plugins.
- Enable plugins.
- Uninstall software you do not need.
- Keep an eagle eye on every e-mail to prevent phishing attacks.
- Avoid calling fake tech support numbers.
- Create complex passwords with a mixture of uppercase and lowercase letters, numbers and symbols.
- Ensure your internet connection is secure.
- Log out of websites when you are finished with them.
- Deploy firewall, anti-malware, anti-ransomware and anti-exploit technology.