In April, Bitdefender broke the news of an emerging botnet dubbed Scranos. Originating from China, it has spread across Europe and the United States, snaring Windows and Android devices with advertising fraud and social network manipulation.
Our original report shone a spotlight on Scranos operators and exposed their illicit use of Authenticode certificates, and other actions. After Bitdefender reached out to Digicert to report the certificate used to sign the rootkit driver for malicious use, the Scranos operators lost their main mechanism to ensure persistence and disguise. When the the Scranos report was published, attackers saw their command and control infrastructure get flagged for malicious activity and shut down.
We kept an eye on the developments in the weeks after the publication and documented how the operators tried to rebuild the botnet and restore functionality. This led us to identify new components used to generate ad revenue in the background by visiting arbitrary URLs with Google Chrome and to disguise these ads as notifications, generating additional ad revenue at the user’s expense.
This report, which updates our original research, includes:
Want to learn more? Download the full paper below:
tags
June 08, 2023
May 02, 2023
January 11, 2023
January 05, 2023