This New Rombertik Malware Crashes Your PC Once Detected

May 6th, 2015 Waqas Malware 0 comments
A complex piece of malware dubbed Rombertik has been designed to steal user data and comprises several layers of anti-analysis functionality and obfuscation. Its last check is highly dangerous: it can trigger a self-destruct routine that destroys all the files stored in the user’s home folder.

Hackers are spreading Rombertik through phishing and spam messages. Once installed, the malware can read any plain-text data entered in the browser, capturing it before it gets encrypted.

Once up and running, Rombertik scans the Windows computer to check whether it has been detected, Cisco’s Talos Group said in a blog post on Monday.


Malware with such capabilities is not new, but according to Alex Chiu and Ben Baker of Cisco’s Talos Group:

“Rombertik is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis.”

This kind of “destroyer” malware was previously used in the 2014 attack on Sony Pictures Entertainment and in attacks against South Korea.

Rombertik’s distinguishing feature is its numerous layers of anti-analysis functionality and obfuscation.


The malware’s last check is the most dangerous for your computer: it computes a 32-bit hash of a resource in memory.

If that resource or the compile time has somehow been altered, Rombertik initiates self-destruct mode.

It first targets the Master Boot Record (MBR), the first sector of the PC’s hard drive, which the computer reads before loading the operating system.

If Rombertik fails to gain access to the MBR, it instead destroys all the files and data stored in the PC’s home folder by encrypting each file with a random RC4 key.

Once the home folder or the MBR has been encrypted, the PC restarts, the MBR enters an infinite loop that prevents the computer from booting, and the screen shows the message: “Carbon crack attempt, failed.”
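A forensic check for the MBR tampering described above, as an added example that is not part of the article or of Cisco Talos’ analysis: it parses a 512-byte boot sector using the standard MBR layout (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature) and reports signs that the sector was overwritten. The sample sectors are constructed here for the demonstration; only the message string comes from the article.

```python
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
# Message the article says the overwritten MBR displays.
ROMBERTIK_MESSAGE = b"Carbon crack attempt, failed."


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap code, four partition entries and signature."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i                       # partition table starts at byte 446
        lba_start, num_sectors = struct.unpack_from("<II", sector, off + 8)
        partitions.append({"status": sector[off], "type": sector[off + 4],
                           "lba_start": lba_start, "sectors": num_sectors})
    return {"boot_code": sector[:446], "partitions": partitions,
            "signature": sector[510:512]}


def triage_mbr(sector: bytes) -> list:
    """Return findings suggesting the MBR was overwritten rather than holding a normal bootloader."""
    mbr = parse_mbr(sector)
    findings = []
    if mbr["signature"] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if ROMBERTIK_MESSAGE in mbr["boot_code"]:
        findings.append("Rombertik message string in bootstrap code")
    usable = [p for p in mbr["partitions"] if p["type"] != 0 and p["sectors"] > 0]
    if not usable:
        findings.append("partition table empty or zeroed")
    if sum(1 for p in mbr["partitions"] if p["status"] == 0x80) > 1:
        findings.append("more than one active partition")
    return findings


def _build_sample(boot_code: bytes, table: bytes) -> bytes:
    """Assemble a constructed test sector: bootstrap area, partition table, signature."""
    return boot_code.ljust(446, b"\x00") + table.ljust(64, b"\x00") + BOOT_SIGNATURE


# Constructed clean sample: one active type-0x07 partition at LBA 2048, 204800 sectors long.
_CLEAN_ENTRY = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
CLEAN_MBR = _build_sample(b"\xeb\xfe", _CLEAN_ENTRY)
# Constructed tampered sample modelled on the article: message in the bootstrap area, table wiped.
TAMPERED_MBR = _build_sample(b"\xeb\xfe" + ROMBERTIK_MESSAGE, b"")

if __name__ == "__main__":
    print("clean:", triage_mbr(CLEAN_MBR) or "no findings")
    print("tampered:", triage_mbr(TAMPERED_MBR))
```

On a real system the sector would come from the first 512 bytes of a disk image; a message string in the bootstrap area is only one indicator, so the partition-table and signature checks are reported alongside it.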

When Rombertik is first installed on a PC, it quickly unpacks itself; 97% of the unpacked file’s content is designed to make it appear legitimate. It contains 8,000 decoy functions and 75 images that are never used.

It also tries to evade sandboxing, the practice of isolating code for a period of time until it has been checked out.

Rombertik stays awake the whole time and writes one byte of data to memory around 960 million times, which further complicates analysis for application tracking tools.

Source: Cisco Talos Group, http://blogs.cisco.com/security/talos/rombertik#conclusion
