Let’s dish about that ugly, nasty Scranos

Not that guy!!!!

No, not that guy! *Scranos*.  


Scranos, the data-stealing malware which, according to ZDnet in an article dated June 13, 2019 claims, “…has returned with new attacks and nasty upgraded features”. It’s not quite as scary as a being capable of erasing half the population of earth, but you would not know that when reading the scare stories of security writers.  

Scranos, described as a “multi-functional rootkit-backdoor-infostealer-adware”, targeted both Windows and Android operating systems. It was halted back in April this year when their authenticode signatures were revoked. The thing that makes this threat particularly heinous is its nature: it is modular.  It can ping its command and control structure for additional instructions, then download additional modules to execute instructions. Bitdefender researchers observed the operators of this rootkit-enabled spyware continually evolving, developing and releasing numerous new modules with the capabilities to:

  • Send malicious emails
  • Steal logon credentials
  • Steal payment accounts
  • Install and execute droppers
  • Launch browsers and videos silently
  • Download and execute payloads *on behalf of other criminal organizations*
  • And much more

This adware produces multiple possible streams of income for the operators.  Here is a list of the revenue streams that have been observed, but it is certainly not all-inclusive:

  1. They can gain ad revenue by directing users to their own sites.
  2. They can use your computer and electricity to mine crypto-currency.
  3. They can directly steal funds from your payment accounts.
  4. Scraping of logon information produces lists which they can sell on the dark web.  
  5. Simply having access to control the function of the remote spyware nodes provides an engine they can and do sell to other criminal enterprise.

The possibilities are pretty staggering.  But how does one become a victim of this nasty-sounding malware?  By execution, of course!

Bitdefender noted in their excellent deconstruction of this malware; “…this malware spreads via Trojanized applications disguised as cracked software, or applications posing as legitimate software such as e-book readers, video players, drivers or even antimalware products. When executed, a rootkit driver is installed to cloak the malware and ensure persistence. The malware then phones home and is told what other components to download and install.“

Emphasis has been added to the above quote to underscore that execution is necessary for Scranos to threaten your network. But…if you use Execution Control, un-authorized software cannot be installed. If unauthorized software cannot be installed, rootkit drivers cannot be installed.  With Execution Control this “multi-functional rootkit-backdoor-infostealer-adware with new attacks and nasty upgraded features” is about as dangerous as this kitten:

scary kitty

White Cloud Security makes Execution Control accessible and easy.  Our Trust Lockdown technology utilizes trust-lists of patented unbreakable Cyber-Metric handprints to prevent execution of all untrusted applications.  Our structure is simple and designed to scale.  The interface is intuitive, allowing you to utilize the trust-lists of colleagues, manufacturers, specific applications and more.  We can instantly halt infections in progress without download of signatures and without time consuming scans.

Our method of malware prevention is the number one recommended approach by US-CERT, NIST and the governments of Australia and Canada. In a world where cybersecurity has become increasingly complex, where costs of cyberdefense is skyrocketing, White Cloud Security offers a brilliantly simple, bulletproof and cost-effective solution to halt unauthorized execution.  

The solution is Trust Lockdown   

You won’t need to hire more engineers to manage Trust Lockdown.  The best part? You will be able to sleep at night knowing you are inoculated against unwanted execution of malicious software, drivers and scripts.

Contact White Cloud Security today to get started.

Leave a Reply

Your email address will not be published. Required fields are marked *