A team of researchers at Cisco’s Talos Group were the first to spot this malware named “Rombertik.” The malware is usually found to invade computers through email attachments to spy on user’s web activity and steal login information.
A sample spam email that was used to propagate Rombertik
While performing an analysis, Talos researchers found a strange activity with the malware which has initiated an anti-analysis function to erase the infected hard drive completely to avoid detection and analysis. After the automatic erase, the computer will restart and get stuck until the user re-installs the operating system.
“As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples. Better static, dynamic, and automated analysis tools have made it more difficult for attackers to remain undetected. As a result, attackers have been forced to find methods to evade these tools and complicate both static and dynamic analysis,” explains Talos group.
Rombertik malware not only put user data on danger, but also makes things much harder for anti virus software to detect the malware.
(click to enlarge)
Read Also: The NSA Has Used Fake Websites to Install Malware on PCs
Head over to Cisco blog for more information.
[ Via: Ars Technica / Source: Cisco Blogs ]
(All images, trademarks shown on this post are the property of their respective owners)
Follow @nrjperera – Roshan Jerad Perera