LTS Secure Warning: TLS Traffic being compromised using New Reductor Malware
Security Researchers have discovered a new malware dubbed Reductor, capable of decoding encrypted TLS communication without the need to manipulate/intercept it.
The malware makes it way to systems via:-
- Software’s downloaded from 3rd party sites.
- COMpfun-infected systems downloading & installing the malware.
- The malware adds digital certificates on victim’s devices without parsing network packets.
- The Creators of the malware have properly analyzed the browser code, so that they can tweak the PRNG function in the memory of the process.
- This enables the attacker to identify how the traffic will be encrypted.
- This also allows the malware to decode traffic & send crucial data to its C&C server.
- Manipulate digital certificates installed on victim machine.
- Uploading & downloading files.
- Create new process to execute specified files.
- Delete files at a specified path.
- Try to avoid downloading and using any Freeware application.
- Always update your anti-virus software with the latest releases.
- Periodically run “full system scan” on your endpoints.
- Make proper security configuration for Firewall/IDS/IPS/Endpoint Protection systems so that no holes are left barred.