Jump to content

Meet the Rombertik, the malware that self-destructs when discovered

sincity

By sincity
in Technology

 Share

Recommended Posts

sincity Rookie

sincity

Posted
Posted
Meet the Rombertik, the malware that self-destructs when discovered

Researchers at the Cisco-owned Talos Security Intelligence and Research Group have discovered a piece of malware, named Rombertik, that can best be described as exhibiting kleptomaniac and suicidal behaviours.

Ben Baker and Alex Chiu, who were part of the team that unearthed Rombertik, found out that this malware lives on the victim's browser, in a way similar to a parasite, and exfiltrates login details and other sensitive piece of information to an external server.

The data capture occurs at the source itself, i.e. as the target enters it in the browser, before the information is encrypted and sent over HTTPS.

While its propagation methods remains remarkably simple, relying mostly on social engineering and the gullibility of the weakest link in the system (i.e. human beings), it is what follows afterwards that makes it interesting.

"If the sample detected that it was being analysed or debugged it would ultimately destroy the master boot record [MBR]" wrote the pair.

A nasty piece of bits

Doing so just makes your computer unusable forcing you to reinstall your operating system altogether. If the malware doesn't have the permission do that, it will encrypt the home folder and restart your computer.

That is not a new behaviour remarked David Emm, Principal Security Researcher at Kaspersky Lab. ""Trashing sections of a hard disk, or corrupting data was quite common in the 1990s - that was a time when the threat landscape was dominated by cyber-vandalism e.g. Michelangelo, Dark Avenger, Maltese Amoeba, Chernobyl. Equally, it's an approach that has been employed more recently by 'wipers' (e.g. Shamoon) to sabotage infected systems. Likewise, encrypting data, while used in 'old school' attacks for mischief (e.g. One-half) has become a key feature in today's ransomware programs."

Making sure that your antivirus software is installed and up to date, that you don't click on suspicious attachments and block certain types will go a long way to protect yourself.

Source: Cisco's Talos

mf.gif


rc.img
rc.img
rc.img

a2.imga2t.imgS3fWrJvvVX0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, Sandstorm, RUST, Team Fortress Series & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland, Turkey, Russia, Germany and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. At =F|A= we are all players first and then admins when someone needs our help or support on server.

Player Gaming Stats for =F|A= Servers.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept