Rietspoof malware spreads via Facebook Messenger and Skype spam

Solarquest

Avast researchers spot new malware spreading via instant messaging clients.
Avast security researchers have discovered a new malware strain named Rietspoof that's currently being spread to victims via instant messaging clients such as Facebook Messenger and Skype.

In a report published over the weekend, researchers described this new threat as a "multi-stage malware," that was first spotted in August 2018, but which was largely ignored until a noticeable uptick in distribution efforts last month.

Rietspoof's main role is to infect victims, gain persistence on infected hosts, and then download other malware strains, depending on the orders it receives from a central command & control (C&C) server.
Persistence is gained by the malware by placing an LNK (shortcut) file in the Windows /Startup folder. This is a noisy operation because most antivirus products know to keep an eye on this folder, but Avast says Rietspoof is also signed with legitimate certificates, allowing the malware to bypass security checks.

The infection routine is made up of four different stages, described in greater detail in the Avast write-up here. The actual Rietspoof malware is dropped in stage three, with the last stage being reserved for downloading a more intrusive and potent malware strain.
...
...
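
The persistence method described above (an LNK file placed in the Startup folder, pointing at a signed binary) can be audited with the following PowerShell sketch. It is an added example, not part of the original post or the Avast report. It lists every shortcut in the per-user and all-users Startup folders, resolves its target, and reports the target's Authenticode status and signer. The output field names are chosen here for illustration.

```powershell
# Added example: audit Startup-folder shortcuts on a Windows host.
# Per the article, the malware is signed with legitimate certificates, so a
# 'Valid' signature is not a pass: review the signer and creation time too.

# Per-user and all-users Startup folders, resolved via the .NET SpecialFolder enum.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# WScript.Shell can open an existing .lnk and expose its target and arguments.
$shell = New-Object -ComObject WScript.Shell

$report = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -Filter *.lnk -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk       = $shell.CreateShortcut($_.FullName)
            $target    = $lnk.TargetPath
            $sigStatus = 'TargetMissing'
            $signer    = $null

            # Only check the signature when the shortcut resolves to a real file.
            if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
                $sig       = Get-AuthenticodeSignature -LiteralPath $target
                $sigStatus = $sig.Status
                if ($sig.SignerCertificate) {
                    $signer = $sig.SignerCertificate.Subject
                }
            }

            [pscustomobject]@{
                Shortcut  = $_.FullName
                Created   = $_.CreationTime
                Target    = $target
                Arguments = $lnk.Arguments
                Signature = $sigStatus
                Signer    = $signer
            }
        }
}

# Newest shortcuts first: recently created entries deserve the closest look.
$report | Sort-Object Created -Descending | Format-List
```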


 