Chrome and Firefox users are being hit by a new strain of malware that’s able to intercept encrypted web traffic.
The malware, known as Reductor, was discovered by security researchers at Kaspersky in April this year. The team performed a full investigation, and have now released their findings in a report.
Reductor is a remote access trojan (RAT), which leaves the infected system open to vulnerabilities over a network. An attacker could upload, download and execute files, though the researchers haven’t yet identified exactly what its creators intended to use it for.
“Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly,” said Kaspersky. “That places the actor in a very exclusive club, with capabilities that few other actors in the world have.”
What to do
The malware only seems to have targeted users in Russia and Belarus; there are no reports of infections elsewhere in the world.
Once threats like Reductor are identified, antivirus companies like Kaspersky add them to their databases of known threats, so they will be detected and deleted during a standard scan.
The best way to avoid any malware infection is to always be cautious online: avoid downloading any email attachments you’re not expecting, and don’t download software from unofficial sources.
For instances when malware slips through your defences, it’s important to use antivirus software, and keep it up to date with the latest threat definitions so you’ll be protected from newly identified threats.