Sana Security Warns Users About New Malware Targeting Credentials
Sana Security, a security software vendor, is warning users about a new strain of malware designed specifically to steal usernames and passwords.
The malware, known as “rootkit.hearse,” is more dangerous than earlier credential-stealing malware because it incorporates rootkit stealth techniques, which make it extremely difficult to detect once it is running.
Like any other malware, however, it first has to get onto the victim’s machine: it relies on tricking users into downloading malicious code, or it is dropped by other malware already present on the computer.
Once installed, “rootkit.hearse” sends the credentials it captures to a server located in Russia.
“Rootkit.hearse” consists of two components: a Trojan that facilitates communication with the Russian server and a rootkit that allows it to remain undetected by security tools. Sana has discovered this malware being downloaded alongside the Win32.Alcra worm.
The malware uses concealment techniques similar to those of the infamous XCP copy-protection software shipped by Sony BMG Music Entertainment. Most of the time it “lies low,” hidden below the operating system’s normal view of files and processes; whenever the user visits a website that requires authentication, it opens a connection to the Russian server, reads the username and password as they are entered, and sends them back to the server.
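The behaviour described above, a quiet implant that only talks to its server right after the user logs in somewhere, is visible from the network even when host-based tools miss the rootkit. The following added example (not Sana’s code, and not based on any detection details the company published) shows a simple correlation heuristic run over constructed proxy-log lines: a login POST from a client, followed within a short window by a POST from the same client to a host outside an allowlist, is flagged. The log format, the login-path patterns, the allowlist, and the addresses (203.0.113.77 is a documentation address) are all assumptions for illustration.

```python
"""Post-login beacon detector, run over constructed proxy logs.

Added example illustrating the article's description of rootkit.hearse;
log lines, hosts and addresses below are made up for the demonstration.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample proxy log (not real traffic).
# Fields: ISO timestamp, client IP, method, host, path, bytes sent by client.
SAMPLE_LOG = """\
2006-03-07T09:00:01 10.1.2.3 GET www.example-bank.test /index.html 0
2006-03-07T09:00:05 10.1.2.3 POST www.example-bank.test /login 812
2006-03-07T09:00:06 10.1.2.3 POST 203.0.113.77 /up.php 944
2006-03-07T09:00:09 10.1.2.3 GET www.example-bank.test /account 0
2006-03-07T09:05:00 10.1.2.4 POST mail.example.test /signin 640
2006-03-07T09:05:02 10.1.2.4 GET cdn.example.test /app.js 0
2006-03-07T09:10:00 10.1.2.5 GET 203.0.113.77 /up.php 0
"""

# Assumed: paths that indicate a credential submission.
LOGIN_PATH = re.compile(r"/(login|signin|logon|auth)\b", re.IGNORECASE)
# Assumed: hosts the organisation considers expected destinations.
ALLOWLIST = {"www.example-bank.test", "mail.example.test", "cdn.example.test"}


@dataclass(frozen=True)
class Alert:
    client: str
    login_host: str
    suspect_host: str
    seconds_after_login: float


def parse_line(line):
    """Split one log line into typed fields."""
    ts, client, method, host, path, nbytes = line.split()
    return datetime.fromisoformat(ts), client, method, host, path, int(nbytes)


def find_post_login_beacons(log_text, window_seconds=30, allowlist=ALLOWLIST):
    """Flag a client POST to a non-allowlisted host that follows, within
    window_seconds, a login POST from the same client.

    Lines are sorted by timestamp first so out-of-order logs still work.
    """
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    records.sort(key=lambda r: r[0])
    last_login = {}  # client -> (timestamp, host the user logged in to)
    alerts = []
    for ts, client, method, host, path, nbytes in records:
        if method == "POST" and LOGIN_PATH.search(path):
            last_login[client] = (ts, host)
            continue
        # A beacon carries data out, so only POSTs with a body count.
        if method == "POST" and nbytes > 0 and host not in allowlist and client in last_login:
            login_ts, login_host = last_login[client]
            delta = (ts - login_ts).total_seconds()
            if 0 <= delta <= window_seconds:
                alerts.append(Alert(client, login_host, host, delta))
    return alerts


if __name__ == "__main__":
    for a in find_post_login_beacons(SAMPLE_LOG):
        print(f"{a.client} logged in to {a.login_host}, then POSTed to "
              f"{a.suspect_host} {a.seconds_after_login:.0f}s later")
```

On the sample log only client 10.1.2.3 is flagged: its upload to 203.0.113.77 lands one second after the login POST. The bare GET from 10.1.2.5 to the same host is not flagged, because the heuristic keys on the login-then-exfiltrate sequence rather than on the destination alone; in practice the suspect hosts it surfaces are what you would feed into a blocklist once confirmed.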
As of the end of this past Monday, Sana’s testing found that only 5 of 24 security products were able to detect “rootkit.hearse.”
By yesterday, the Russian server had accumulated more than 35,000 usernames and passwords harvested from more than 7,000 different websites. Sana has notified Internet service providers in Russia so that the hosting server can be taken down, but the company declined to disclose further details about the server or the provider involved.