A rootkit-driven malware strain that first appeared only late last year has already spread to tens of thousands of systems worldwide, researchers say, as its creators use it to drive false traffic for web-based advertising.
Bitdefender said it began analysing the malware, which it calls Scranos, last year, finding that while it already has a high degree of sophistication, it is also being actively developed, with its developers using infected systems to test new components and update older ones.
Scranos began by infecting systems in China, as Tencent warned in January, but is now found on systems worldwide, with France and Italy amongst its top international targets, as well as India, Romania, Brazil and Indonesia.
The malware initially infects systems via a Trojanised application that may appear to be cracked software or a legitimate utility such as a video player or an e-book reader.
It is signed with a legitimate security certificate, probably stolen, that was issued to a Shanghai-based health company.
The certificate hasn’t been revoked in spite of the misuse, Bitdefender said.