LTS Secure Warning: TLS Traffic being compromised using New Reductor Malware

Security researchers have discovered a new malware, dubbed Reductor, that is capable of decoding encrypted TLS communication without needing to manipulate or intercept it in transit.

The malware makes its way onto systems via:

  • Software downloaded from third-party sites.
  • Systems already infected with COMpfun downloading and installing the malware.

Technical Details

  • The malware adds digital certificates to the victim's device without parsing network packets.
  • The malware's authors have analyzed the browser code closely enough to modify the PRNG function in the memory of the browser process.
  • This lets the attacker identify how the traffic will be encrypted.
  • It also allows the malware to decode the traffic and send crucial data to its C&C server.
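Because the malware plants certificates directly in the local trust stores rather than touching the network, a useful endpoint check is to compare the installed root certificates against a known-good baseline. The following script is an added example, not code from the advisory or from LTS Secure; the baseline file path is an assumption, and the first snapshot should be taken from a clean image.

```powershell
# Added example (not from the LTS Secure advisory): snapshot the trusted root
# certificate stores on a Windows endpoint and flag any certificate that was
# not present in an earlier baseline. The baseline path is an assumption.
param(
    [string]$BaselinePath = "$env:ProgramData\root-store-baseline.txt"
)

# Certificates added to the local trust stores end up in one of these two paths.
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

# Collect every root certificate currently installed, keyed by SHA-1 thumbprint.
$installed = @(Get-ChildItem -Path $stores | ForEach-Object {
    [pscustomobject]@{
        Thumbprint = $_.Thumbprint
        Subject    = $_.Subject
        NotBefore  = $_.NotBefore
        Store      = ($_.PSParentPath -split '::')[-1]
    }
})

if (-not (Test-Path -Path $BaselinePath)) {
    # First run: record the current thumbprints as the known-good baseline.
    $installed.Thumbprint | Sort-Object -Unique | Set-Content -Path $BaselinePath
    Write-Output "Baseline written: $($installed.Count) root certificates recorded in $BaselinePath"
    return
}

$baseline = @(Get-Content -Path $BaselinePath)

# Anything installed now but absent from the baseline is a candidate for review.
$unexpected = @($installed | Where-Object { $baseline -notcontains $_.Thumbprint })

if ($unexpected.Count -eq 0) {
    Write-Output "No root certificates outside the baseline."
} else {
    Write-Warning "$($unexpected.Count) root certificate(s) not in baseline:"
    # Newest certificates first: a freshly planted root usually has a recent NotBefore date.
    $unexpected | Sort-Object NotBefore -Descending |
        Format-Table Store, Thumbprint, NotBefore, Subject -AutoSize
}
```

Run it once on a clean build to write the baseline, then schedule it on endpoints and feed any warnings into your alerting pipeline.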

Impact

  • Manipulate digital certificates installed on the victim machine.
  • Upload and download files.
  • Create new processes to execute specified files.
  • Delete files at a specified path.

Recommended Actions

  • Try to avoid downloading and using freeware applications.
  • Always keep your anti-virus software updated with the latest releases.
  • Periodically run a full system scan on your endpoints.
  • Configure firewall/IDS/IPS/endpoint protection systems properly so that no gaps are left open.