Malware that hijacks HTTPS traffic by manipulating browsers

Kaspersky, an international computer security company with a presence in approximately 200 countries around the world, has discovered a new malware infection that intercepts victims' interaction with HTTPS, allowing hackers to install fake digital certificates and spy on the victims' browser activity.

The malware, known as "Reductor", was detected in April of this year. Cybersecurity experts believe that a group of Russian origin known as Turla is responsible for it, and that "Reductor" is connected to a Trojan known by the name COMpFun.

What distinguishes "Reductor" is that it can interfere in the exchange of information between the browser and a website over the HTTPS protocol, which should be encrypted and inaccessible to third parties.

"Reductor" is a tool developed to intrude on data exchange and was used for cyber espionage against diplomatic entities in countries of the Commonwealth of Independent States, mainly by controlling the Internet traffic of their employees.

In addition, the modules discovered in "Reductor" have RAT (Remote Administration Tool) functions, and the capabilities of this malware are almost unlimited.

"Reductor" spreads through the COMpFun Trojan or through supposedly legitimate software, infecting users' computers and causing them to carry the malware on to other destinations.

Once "Reductor" is installed, it can manipulate the installed digital certificates and patch the browser's pseudo-random number generator, which is used to encrypt traffic.

The malware adds digital certificates from its data section to the target host and allows operators to add further certificates remotely through unauthorized access.
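Because the infection adds certificates to the host's trust store, one practical check on a Windows machine is to record the trusted-root thumbprints on a known-clean system and later report anything that has appeared since. The script below is an added example, not code from the article or from Kaspersky; the baseline path is a placeholder you would choose yourself.

```powershell
# Added example: baseline the Windows trusted-root stores and report additions.
# $BaselinePath is an assumed location; capture the baseline on a clean host first.
param(
    [string]$BaselinePath = "C:\baseline\trusted-roots.txt"   # placeholder path
)

# Both stores matter: a process running as the user can add roots to
# CurrentUser\Root without administrative rights.
$RootStores = @("Cert:\LocalMachine\Root", "Cert:\CurrentUser\Root")

# Capture mode: record the thumbprints of every currently trusted root.
function Save-RootBaseline {
    param([string]$Path)
    Get-ChildItem -Path $RootStores |
        Select-Object -ExpandProperty Thumbprint |
        Sort-Object -Unique |
        Set-Content -Path $Path
}

# Check mode: list every trusted root whose thumbprint is not in the baseline.
function Get-UnexpectedRoots {
    param([string]$Path)
    $known = @{}
    Get-Content -Path $Path | ForEach-Object { $known[$_.Trim()] = $true }
    Get-ChildItem -Path $RootStores |
        Where-Object { -not $known.ContainsKey($_.Thumbprint) } |
        Select-Object PSParentPath, Subject, Issuer, NotBefore, Thumbprint
}

if (-not (Test-Path -Path $BaselinePath)) {
    Save-RootBaseline -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath"
} else {
    $extra = Get-UnexpectedRoots -Path $BaselinePath
    if ($extra) { $extra | Format-Table -AutoSize }
    else        { Write-Output "No trusted roots outside the baseline." }
}
```

Chrome on Windows relies on the system stores checked above, but Firefox keeps its own NSS certificate database inside the user profile, which this script does not cover.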

"Reductor" doesn't touch the network packets at all; instead, it patches the Firefox and Chrome functions that generate pseudorandom numbers (PRNG) directly in process memory, locating them in the Firefox source code and in the Chrome binary code.

Hackers can also install an identifier based on both hardware and software, in order to identify their victims more precisely and carry out their "personal data theft."

Andrea Leal
