HackRead

This New Rombertik Malware Crashes Your PC Once Detected

May 6th, 2015 | Waqas | Malware

A complex piece of malware dubbed Rombertik has been designed to steal user data and comprises several layers of anti-analysis functionality and obfuscation. Its last check is the dangerous one: if it concludes that it is being analyzed, it triggers a self-destruct routine that overwrites the Master Boot Record and, failing that, destroys every file stored in the user's home folder.

Attackers are spreading Rombertik through phishing and spam messages. Once on a machine, the malware hooks into the browser so that it can read any plain-text data the user types, capturing it before the browser encrypts it for transmission, so HTTPS offers no protection against it.

Once up and running, Rombertik checks the Windows computer for signs that it is being analyzed, for instance by a sandbox or a debugger, Cisco's Talos Group said in a blog post on Monday.

Malware with anti-analysis capability is not new, but according to Alex Chiu and Ben Baker of Cisco's Talos group:

“Rombertik is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis.”

This kind of “destroyer” (wiper) malware was previously used in the 2014 attack on Sony Pictures Entertainment and in attacks against South Korea.

Rombertik's distinguishing feature is the number of anti-analysis and obfuscation layers it stacks on top of one another, and what it does when one of them fails.

The malware's last check is the one that makes it dangerous to the machine it runs on. Rombertik computes a 32-bit hash of a resource in memory and compares it with a value fixed when the sample was built; it also checks the binary's compile time.

If either the resource or the compile time has been altered, which is exactly what happens when an analyst patches the sample or a security tool modifies it, Rombertik treats that as evidence of analysis and initiates its self-destruct mode.
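The tamper check described above is an ordinary integrity check turned into a trigger. The following is an added illustration written for this page, not Rombertik's code or anything from Talos: it hashes a constructed "resource" with a 32-bit hash (CRC32 is an assumption; the page does not name the algorithm), compares it and a constructed compile-time stamp against the values baked in at build time, and reports whether the real sample would have fired. The destructive branch is reduced to a boolean so the logic can be studied safely.

```python
"""Rombertik-style tamper check, reconstructed as an illustration.

Constructed example, not Rombertik code or Talos tooling. The hash (CRC32),
the resource bytes, the timestamp value and all names are assumptions.
"""
import zlib

# Constructed stand-in for a blob in the binary's resource section
# (the page says the real file carries 75 images that are never used).
RESOURCE = b"\x89PNG decoy image bytes never displayed by the sample" * 8

# Constructed stand-in for the PE header TimeDateStamp the page says is also checked.
COMPILE_TIME = 0x5548A1B0


def resource_hash(data: bytes) -> int:
    """32-bit hash of the resource; CRC32 is an assumption, not Rombertik's algorithm."""
    return zlib.crc32(data)


# Values the build step would bake into the binary.
EXPECTED_HASH = resource_hash(RESOURCE)
EXPECTED_COMPILE_TIME = COMPILE_TIME


def analysis_detected(resource: bytes, compile_time: int) -> bool:
    """The check the page describes: True means the real sample would start wiping.

    Either a changed resource (an analyst patched the file, or an AV tool
    modified it) or a changed compile time trips the check.
    """
    return (resource_hash(resource) != EXPECTED_HASH
            or compile_time != EXPECTED_COMPILE_TIME)


def patch_byte(data: bytes, offset: int, value: int) -> bytes:
    """Simulate flipping one byte, as an analyst might while patching the sample."""
    patched = bytearray(data)
    patched[offset] = value
    return bytes(patched)


if __name__ == "__main__":
    print("untouched sample :", analysis_detected(RESOURCE, COMPILE_TIME))
    print("one byte patched :", analysis_detected(patch_byte(RESOURCE, 1, 0x00), COMPILE_TIME))
    print("timestamp altered:", analysis_detected(RESOURCE, COMPILE_TIME + 1))
```

The point for an analyst is that any single-byte change to the hashed region flips the result, so the safe way past a check like this is to neutralise the comparison or its consequence (patch the branch, or run under emulation), never to patch the data and run the sample on a disk you care about.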

It first targets the Master Boot Record (MBR), the first sector of the hard drive, which the computer reads before it loads the operating system.

If Rombertik cannot get access to the MBR, it instead destroys the files in the user's home folder by encrypting each one with a random RC4 key, which for practical purposes makes them unrecoverable.

Once the MBR has been overwritten or the home folder encrypted, Rombertik restarts the PC. The replacement MBR contains code that enters an infinite loop, so the machine never boots; instead the screen shows the message: “Carbon crack attempt, failed.”
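For a responder, the damage described above is visible in the first 512 bytes of the disk. The following is an added triage example written for this page, not Rombertik's code or Talos tooling: it parses the partition table of a boot sector, checks the 0x55AA signature and searches the boot-code area for the message the overwritten MBR prints. The two sample sectors are constructed inline; only the message itself comes from the page, and the layout of the overwritten sector (message in the boot code, partition table zeroed, signature intact) is an assumption.

```python
"""Triage a 512-byte MBR image for the damage the page attributes to Rombertik.

Constructed example, not Rombertik code or Talos tooling. The sample
sectors are built inline and the layout of the wiped sector is assumed.
"""
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the boot code
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
SIGNATURE = b"\x55\xAA"      # bytes 510..511 of a valid MBR
ROMBERTIK_MSG = b"Carbon crack attempt, failed."


def parse_partitions(sector: bytes) -> list:
    """Return the non-empty entries of the classic MBR partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        entry = sector[off:off + 16]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack("<II", entry[8:16])
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return parts


def triage_mbr(sector: bytes) -> dict:
    """Flag a sector that carries Rombertik's message or no longer looks like a usable MBR."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    result = {
        "valid_signature": sector[510:512] == SIGNATURE,
        "partitions": parse_partitions(sector),
        "rombertik_message": ROMBERTIK_MSG in sector[:BOOT_CODE_LEN],
    }
    result["suspicious"] = (result["rombertik_message"]
                            or not result["valid_signature"]
                            or not result["partitions"])
    return result


def make_clean_mbr() -> bytes:
    """Constructed healthy sector: zeroed boot code, one bootable type-0x07 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return b"\x00" * BOOT_CODE_LEN + entry + b"\x00" * 48 + SIGNATURE


def make_wiped_mbr() -> bytes:
    """Constructed stand-in for the overwritten sector (layout assumed): the message
    sits in the boot code, the partition table is zeroed, the signature is intact
    so the BIOS still executes the looping code."""
    code = ROMBERTIK_MSG.ljust(BOOT_CODE_LEN, b"\x90")
    return code + b"\x00" * 64 + SIGNATURE


if __name__ == "__main__":
    # Pass a disk image or a dd'd first sector on the command line, else use the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(triage_mbr(f.read(MBR_SIZE)))
    else:
        for name, sector in (("clean", make_clean_mbr()), ("wiped", make_wiped_mbr())):
            print(name, triage_mbr(sector))
```

Run it against `dd if=/dev/sdX bs=512 count=1` output from a forensic copy, never from the live victim disk. An empty partition table or a missing signature is flagged as well, since a wiper need not leave a recognisable string behind.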

When Rombertik first lands on a PC it has to unpack itself, because 97% of the packed file is padding designed to make it look legitimate: 8,000 decoy functions and 75 images, none of which are ever used.

It also tries to evade sandboxes, the analysis systems that run a suspicious file in isolation for a limited time to see what it does. Many samples simply sleep until the sandbox gives up, but sandboxes have learned to spot that.

Rather than sleeping, Rombertik stays busy: it writes one byte of random data to memory around 960 million times. On a sandbox this burns through the time budget without a single sleep call, and it floods application-tracing tools with an enormous volume of log entries, which further complicates analysis.

Source: Cisco Talos Group, http://blogs.cisco.com/security/talos/rombertik#conclusion

  • Tags
  • Cisco
  • Malware
  • PC
  • security
  • TROJAN
  • virus
  • Windows
Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. I am also into gaming, reading and investigative journalism.
