Reveton Ransomware Upgraded to Steal Passwords

The notorious Reveton ransomware has been updated to steal passwords and credentials, according to researchers with security firm Avast.

This latest version targets credentials from more than 110 applications and turns the victim’s computer into a botnet client. The malware also steals passwords from five cryptocurrency wallets, and its banking module targets 17 German banks. In all cases, Reveton contains a link to download an additional password stealer.

“Reveton [uses] one of the best password/credentials stealers on the malware scene today,” Avast reported in a blog post. “Pony authors conduct deep reverse engineering work which results in almost every password decrypted to plain text form. The malware can crack or decrypt quite complex passwords stored in various forms.”

Pony has 17 main modules, covering operating system credentials, FTP clients, browsers, email clients, instant messaging clients and online poker clients, among others, plus more than 140 submodules for individual applications.

The new version of Reveton also has an upgraded lockscreen module. The authors split the program into multiple threads, changed the encryption, saved the payload to the registry and reworked its communication with command and control servers.
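The article says the rewritten Reveton keeps its payload in the registry but does not name the key or value it uses, so the generic check a responder can run is to look for executable-looking or oversized blobs in a registry export. The script below is an added example, not Avast's or the page's code: it parses the text produced by `reg export <key> file.reg` (a constructed sample is embedded, not a real capture) and flags binary values that begin with a PE `MZ` header or exceed a size threshold. The key paths in the sample, the `MAX_BENIGN_BLOB` threshold and the sample bytes are all assumptions.

```python
"""Hunt for executable payloads stashed in Windows registry values.

Added example: parses a `reg export` text file and flags REG_BINARY-style
values that look like a stored PE image or an unusually large blob. Nothing
here encodes where a particular Reveton sample actually stores its payload.
"""
import re
from dataclasses import dataclass

# Constructed sample export (assumption, not a real capture): one benign Run
# entry and one hypothetical binary value whose data begins with an MZ header.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\demo\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{01234567-89ab-cdef-0123-456789abcdef}]
@="Demo"
"Blob"=hex:4d,5a,90,00,03,00,00,00,04,00,00,00,ff,ff,00,00,b8,00,00,00,00,\
  00,00,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,f0,00,00,00,0e,1f,ba,0e,00,b4,09,cd,21
'''

# Assumed threshold: legitimate configuration blobs are usually far smaller.
MAX_BENIGN_BLOB = 4096


@dataclass
class RegValue:
    key: str
    name: str
    kind: str    # "sz", "dword", "hex" or "hex(N)"
    data: object  # str for sz, int for dword, bytes for hex types


def _logical_lines(text):
    """Join .reg continuation lines (a trailing backslash continues hex data)."""
    out, buf = [], ""
    for raw in text.splitlines():
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1]
            continue
        out.append(buf)
        buf = ""
    if buf:
        out.append(buf)
    return out


def parse_reg_export(text):
    """Return a list of RegValue records from a `reg export` text file."""
    values, key = [], None
    name_re = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')
    hex_re = re.compile(r"^hex(?:\((\d+)\))?:(.*)$")
    for line in _logical_lines(text):
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = name_re.match(line)
        if not m or key is None:
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(2)
        rhs = m.group(3)
        if rhs.startswith('"') and rhs.endswith('"'):
            # REG_SZ: undo the \" and \\ escapes used by the export format
            values.append(RegValue(key, name, "sz", re.sub(r"\\(.)", r"\1", rhs[1:-1])))
        elif rhs.startswith("dword:"):
            values.append(RegValue(key, name, "dword", int(rhs[6:], 16)))
        else:
            hm = hex_re.match(rhs)
            if hm:
                kind = "hex" if hm.group(1) is None else f"hex({hm.group(1)})"
                values.append(RegValue(key, name, kind, bytes.fromhex(hm.group(2).replace(",", ""))))
    return values


def find_suspicious(values, max_blob=MAX_BENIGN_BLOB):
    """Flag binary values that start with a PE header or are unusually large."""
    hits = []
    for v in values:
        if not isinstance(v.data, bytes):
            continue
        if v.data[:2] == b"MZ":
            hits.append((v, "binary value begins with an MZ (PE) header"))
        elif len(v.data) > max_blob:
            hits.append((v, f"binary value is {len(v.data)} bytes, above {max_blob}"))
    return hits


if __name__ == "__main__":
    for v, why in find_suspicious(parse_reg_export(SAMPLE_REG)):
        print(f"{v.key}\\{v.name}: {why}")
```

On a live host the input would come from `reg export HKCU out.reg` (the file is UTF-16LE, so open it with that encoding); the MZ check catches a raw PE image, while the size threshold is the fallback for payloads that are encrypted or encoded before being written.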

“Reveton has also prepared another password stealer downloaded from the Papras family,” Avast researchers noted. “This malware is not as effective as the Pony but contains a powerful AV kill/disable function.”

According to Avast, the most common infection vector is well-known exploit kits such as Fiesta, Nuclear and Sweet Orange.

In 2012, the FBI issued a warning about Reveton after complaints came pouring in to the Internet Crime Complaint Center about fake messages from the FBI demanding recipients pay a fine for visiting child pornography sites on the Web. Those who didn’t pay would have their computers locked. The ransomware scam demanded victims pay $200 to get control of their computers back.


“As we have shown, the high profits from the former Reveton model, unlocking the infected computer after the user pays a ransom, are not enough,” according to Avast. “Malware authors have decided to enter into a new black business area. Passwords to various systems and crypto currency wallets are a very lucrative commodity today. Some passwords (FTP, emails, IM…) are perfectly suited for spreading their malware and building stronger botnets.”


Written By

Marketing professional with a background in journalism and a focus on IT security.
