SecurityWeek

Reveton Ransomware Upgraded to Steal Passwords

The notorious Reveton ransomware has been updated to steal passwords and credentials, according to researchers with security firm Avast.


This latest edition affects more than 110 applications and turns the victim’s computer into a botnet client. The malware also steals passwords from five cryptocurrency wallets, and its banking module is set to target 17 German banks. In all cases, Reveton contains a link to download an additional password stealer.

“Reveton [uses] one of the best password/credentials stealers on the malware scene today,” Avast reported in a blog post. “Pony authors conduct deep reverse engineering work which results in almost every password decrypted to plain text form. The malware can crack or decrypt quite complex passwords stored in various forms.”

Pony includes 17 main modules, covering operating system credentials, FTP clients, browsers, email clients, instant messaging clients, online poker clients and more, along with more than 140 submodules.

The new version of Reveton also has an upgraded lockscreen module. The authors of the malware divided the program into multiple threads, changed the encryption, saved the payload to the registry and rebuilt the communication with command and control servers.

“Reveton has also prepared another password stealer downloaded from the Papras family,” Avast researchers noted. “This malware is not as effective as the Pony but contains a powerful AV kill/disable function.”

According to Avast, the most common infection vector is well-known exploit kits, such as Fiesta, Nuclear and Sweet Orange.

In 2012, the FBI issued a warning about Reveton after complaints came pouring in to the Internet Crime Complaint Center about fake messages from the FBI demanding recipients pay a fine for visiting child pornography sites on the Web. Those who didn’t pay would have their computers locked. The ransomware scam demanded victims pay $200 to get control of their computers back.

“As we have shown, the high profits from the former Reveton model, unlocking the infected computer after the user pays a ransom, are not enough,” according to Avast. “Malware authors have decided to enter into a new black business area. Passwords to various systems and cryptocurrency wallets are a very lucrative commodity today. Some passwords (FTP, emails, IM…) are perfectly suited for spreading their malware and building stronger botnets.”

Written By

Marketing professional with a background in journalism and a focus on IT security.
