A new strain of spyware that logs keystrokes and steals data has a destructive side to it, unleashing wiper capabilities if it detects it’s being analyzed and audited.
A limited number of samples of the malware, dubbed Rombertik by researchers at Cisco Talos, were spotted at the start of the year. That relatively small number indicates it could have been used in targeted attacks at the outset, but Craig Williams, security outreach manager at Cisco, said attacks are more widespread now, and are not focused on any particular vertical or geographic location.
“It sounds cliché, but this is really a digital arms race and we’re seeing the next evolution of it here,” Williams said. “They’re no longer content with detect-and-shut-down, now if malware realizes it’s being audited, the binary will destroy the system. It’s a simple case of attackers trying to dissuade researchers from going after a sample.”