Researchers at the antivirus company Avast have discovered a new strain of malware that can spread by way of Skype and Facebook Messenger spam messages. The malware, called “Rietspoof,” is described as a multi-stage malware strain.
It was first discovered back in August of last year, and until recently, didn’t raise any eyebrows because it was seldom used. That has now changed. There’s been a notable uptick in the number of instances of Rietspoof detected on the web.
As malware goes, Rietspoof by itself isn’t all that threatening. Its goal is merely to infect as many devices as possible, serving as a bridge between an infected device and a command and control server that allows other strains of malware to be systematically injected onto infected systems.
Rietspoof accomplishes this goal by placing a shortcut (LNK file) in the Windows Startup Folder. This is one of the critical folders that Avast and other major antivirus programs monitor rigorously. However, Rietspoof has managed to slip through the cracks, bypassing security checks because it is signed with legitimate certificates.
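Because a valid signature did not stop this persistence method, a defender's review of the Startup folders should list every shortcut with its target and signer rather than skip the signed ones. The script below is an added example, not code from Avast or from the original article; the report column names are assumptions chosen for illustration.

```powershell
# Added example: inventory Startup-folder shortcuts for manual review.
# A "Valid" signature is reported but is NOT treated as proof the target is benign.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
$shell = New-Object -ComObject WScript.Shell        # used to resolve .lnk targets

$report = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter *.lnk -File -Force | ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)   # loads the existing shortcut
        $target = $lnk.TargetPath
        $sig    = $null
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $target
        }
        [pscustomobject]@{
            Shortcut   = $_.FullName
            CreatedUtc = $_.CreationTimeUtc
            Target     = $target
            Arguments  = $lnk.Arguments
            SigStatus  = if ($sig) { $sig.Status } else { 'TargetMissing' }
            Signer     = if ($sig -and $sig.SignerCertificate) {
                             $sig.SignerCertificate.Subject
                         } else { $null }
        }
    }
}

# Newest shortcuts first: recently created entries deserve the closest look,
# whatever their signature status.
$report | Sort-Object CreatedUtc -Descending | Format-List
```

Compare the output against a known-good baseline for the machine; an unfamiliar signer or an unexpected target on a recently created shortcut is the item to investigate.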
The malware’s infection cycle consists of four discrete steps. Three of them are dedicated to establishing a Rietspoof beachhead on a target system, and the fourth is reserved for the downloading of more intrusive and destructive malware strains.
According to the research team that discovered it, the malware has undergone a number of incremental changes since they first began tracking it. That led them to the conclusion that Rietspoof is a work in progress and currently undergoing testing and further development.
Although it may have limited functionality now, that could very easily change as the hackers behind the code continue to modify it. Be sure your IT staff is aware, and stay vigilant!