LTS Secure Warning: TLS Traffic being compromised using New Reductor Malware

Security researchers have discovered a new malware, dubbed Reductor, that lets its operators decode TLS-encrypted traffic from an infected host without manipulating or intercepting that traffic on the wire. The malware makes its way onto systems via:
  • Software downloaded from third-party (non-vendor) sites.
  • Systems already infected with the COMpfun trojan, which downloads and installs Reductor.
  Technical Details
  • The malware installs digital certificates on the victim's device directly, without touching or parsing any network packets.
  • Its authors analysed the browser's code closely enough to patch the pseudo-random number generator (PRNG) in the memory of the running browser process.
  • Because the "random" values that feed the TLS handshake are now under the attacker's control, the attacker can tell in advance how a given session will be encrypted. Note that the 32-byte client random is sent in cleartext in the ClientHello, so a passive observer can recognise values produced by the patched generator without decrypting anything.
  • This in turn lets the malware decode the traffic and send the harvested data to its command-and-control (C&C) server.
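The following is an added example, not code from the original advisory or from the Reductor sample. It shows the detection side of the PRNG-patching technique described above: a patched generator that leaks a per-host identifier into the TLS client random produces bytes that stay fixed across sessions, whereas a healthy CSPRNG never does. The script builds minimal TLS 1.2 ClientHello records (constructed samples, not captures), extracts the client random, and flags a host whose ClientHellos share several fixed byte positions. The marker offset, length and derivation in `marked_random` are assumptions invented for the demonstration, not the real malware's encoding.

```python
"""Detecting a patched TLS client PRNG from passively observed ClientHellos.

Added example; not code from the advisory or the malware. The marker layout
in marked_random() is a hypothetical stand-in, NOT Reductor's real encoding.
"""
import hashlib
import os
import struct

# --- constructed ClientHello builder / parser -----------------------------

def build_client_hello(client_random: bytes, sni: bytes = b"example.com") -> bytes:
    """Build a minimal TLS 1.2 ClientHello record around a 32-byte client random."""
    if len(client_random) != 32:
        raise ValueError("client random must be 32 bytes")
    cipher_suites = b"\xc0\x2f\xc0\x30\x00\x9c"              # three common suites
    name_list = struct.pack("!HBH", len(sni) + 3, 0, len(sni)) + sni
    ext_sni = struct.pack("!HH", 0x0000, len(name_list)) + name_list
    body = (b"\x03\x03" + client_random                       # client_version, random
            + b"\x00"                                         # session_id length 0
            + struct.pack("!H", len(cipher_suites)) + cipher_suites
            + b"\x01\x00"                                     # compression: null only
            + struct.pack("!H", len(ext_sni)) + ext_sni)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_client_random(record: bytes) -> bytes:
    """Return the 32-byte client random from a TLS ClientHello record."""
    if len(record) < 43 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    handshake = record[5:5 + rec_len]
    if handshake[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = handshake[4:4 + int.from_bytes(handshake[1:4], "big")]
    return body[2:34]                                          # skip client_version

# --- hypothetical patched PRNG ------------------------------------------

MARKER_OFFSET = 8   # assumption: where the patched PRNG plants its identifier
MARKER_LEN = 8      # assumption: identifier length


def marked_random(host_id: bytes) -> bytes:
    """Simulate a patched browser PRNG: real randomness except for a fixed
    per-host marker (hypothetical layout; not the real malware's encoding)."""
    marker = hashlib.sha256(host_id).digest()[:MARKER_LEN]
    return os.urandom(MARKER_OFFSET) + marker + os.urandom(32 - MARKER_OFFSET - MARKER_LEN)

# --- detection ----------------------------------------------------------

def stable_offsets(randoms: list) -> list:
    """Offsets whose byte is identical in every observed client random from one host.
    For a healthy CSPRNG, P(a given offset is stable across n samples) = 256**-(n-1)."""
    if len(randoms) < 2:
        return []
    return [i for i in range(32) if len({r[i] for r in randoms}) == 1]


def looks_marked(randoms: list, min_stable: int = 4) -> bool:
    """Flag a host whose ClientHellos share at least min_stable fixed bytes: with four
    or more samples a genuine generator essentially never does this, while a patched
    generator that leaks an identifier always does."""
    return len(stable_offsets(randoms)) >= min_stable


if __name__ == "__main__":
    clean = [extract_client_random(build_client_hello(os.urandom(32))) for _ in range(5)]
    marked = [extract_client_random(build_client_hello(marked_random(b"victim-1234")))
              for _ in range(5)]
    print("clean host  stable offsets:", stable_offsets(clean), "->", looks_marked(clean))
    print("marked host stable offsets:", stable_offsets(marked), "->", looks_marked(marked))
```

In practice you would feed `extract_client_random` with ClientHello records pulled from a capture and group them by source address; the per-offset comparison needs only a handful of sessions per host, and the same grouping also catches the other symptom of a patched generator, identical client randoms reused across sessions.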
  Impact
  • Manipulates the digital certificates installed on the victim machine.
  • Uploads and downloads files.
  • Creates new processes to execute specified files.
  • Deletes files at a specified path.
  Recommended Actions
  • Avoid downloading and running freeware, especially from third-party download sites.
  • Keep anti-virus software updated with the latest releases and signatures.
  • Periodically run a full system scan on your endpoints.
  • Audit the trusted root certificate stores (the operating system store and the browser's own store, for browsers such as Firefox that keep one) for certificates you did not install, since the malware adds its own.
  • Configure firewall, IDS/IPS and endpoint protection systems properly so that no holes are left open.