Password stealing malware Scranos expands its operations globally

Hackers behind a complex Scranos rootkit are now spreading malware not only in China but also worldwide

Scranos malware carries operations from its original directory - ChinaScranos malware operating as rootkit, spyware, adware, and other threats is attacking users worldwide

A new malware strain, dubbed “Scranos,” has been recently discovered carrying actions out of its original location in China. This rootkit-based[1] virus has been launching malicious operations all over the world and has been extremely active throughout the last few months this year. According to researchers, those who are keen on downloading and installing pirated software or its cracks are at the highest risk on the infection.

Bitdefender Lab experts[2] claim that Scranos has been infecting numerous devices worldwide, however, the most popular sources of this infection are located in countries such as:

  • India.
  • France.
  • Romania.
  • Italy.
  • Indonesia.
  • Brazil.

Scranos rootkit malware is also capable of infecting all well-known Windows operating systems. This includes Windows XP, Windows 7, Windows 8, Windows 10, etc. However, the most significant number of infections was found on those computer systems which have been using Windows 10 (around 2799 infections found) and Windows 7 (about 1150 infections detected).

The malware includes numerous modules and works as adware, spyware, rootkit, botnet, backdoor

The newly-discovered Scranos malware is capable of pushing a variety of malicious activities. However, the core and also most dangerous module of this cyber threat is the rootkit function, as it profoundly complicates its removal. It also connects to a Command and Control server[3] to receive additional instructions and, based on hackers' inputs, can download additional modules that would execute a different kind of operations.

Additionally, Scranos can work as spyware[4] which spies on particular sensitive details and steals users' account logins, passwords, and even banking credential information that is kept in the infected user's web browser.

Other dangerous modules of Scranos malware include:

  • Sending infectious messages to the affected user's Facebook friends after stealing login details.
  • Sending friend requests to random users via the hacked Facebook account.
  • Relating to data theft of Steam login and password data.
  • Installing JavaScript adware into the Internet Explorer web browser.
  • Injecting rogue extensions to Google Chrome and Opera to launch suspicious apps.
  • Pushing up YouTube subscribers and their channels.
  • Installing and running any type of malicious files/software.

According to the latest information, Scranos is in the development mode but still very dangerous malware. Due to its complex structure and the large variety of modules the virus includes, it can affect and harm computer systems in various unexpected ways. This malware can work as a rootkit, spyware, adware, botnet and even backdoor-type infection.

The main goal of Scanos is distributing malware through adware-based content

According to some researches,[5] the operating purpose and main goal of this malware is to gain as much revenue as possible from its illegitimate and stealth activities. Scanos rootkit malware is interested in spreading advertisement content onto as many computers as possible and promoting malicious ads via ad-supported objects:

They seem to be interested in spreading the botnet to consolidate the business by infecting as many devices as possible to perform advertising abuse and to use it as a distribution platform for third party malware.

If you have been infected with Scranos malware, it is very important to act quickly and perform the removal of this virus. The most important part to terminate is the rootkit as it has the capability of gaining access to any targeted platform. If you are looking for detailed instructions on how to remove this infection, you can find them on Bitdefender's page.[6]

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions