Regin Malware

Mobile Spread Could Bloom

Worry is increasing over Trojans such as Regin Malware, given their ability to infect almost any computer anywhere in the world, including a host of mobile devices. While speculation about the designer of this malware is still ongoing, it will spread rapidly unless something is done.

Hackers are escalating their reach into private devices, particularly those of Android users. There is an opinion that Apple iOS is less open to Trojans like Regin Malware, but one still has to be worried about the escalating number of infected devices. According to one study by F-Secure, the number of mobile devices carrying any malware is up 66.7 percent. The attack count is up by 96 on Android mobile devices alone, meaning that Android is attacked more often.

F-Secure states that the availability of Android systems throughout the world is the reason for the higher percentage. Android is a more open system, and it is easy to download an app that can be infected. In fact, the contributing factor F-Secure identifies is the number of apps devised for Android that need to work on multiple devices. The creators of a malicious app can get their work out there quickly. Apple has stricter rules about apps, which is seen as limiting the ability to deliver a malware-laden app to Apple users.

The Details of Regin

Regin is what the security world calls a backdoor Trojan; it can also be called a remote access Trojan. The malware is let into your computer and then opens a backdoor in your security that allows hackers to get in. They are able to remotely access your computer and make it do what they want, such as breaching secure files. It is the most dangerous type of Trojan because only the first stage is actually noticeable.

The first stage starts a domino effect in the infected computer. The first stage begins decryption, while the next five stages of Regin open up the information package hidden in the computer. A dropper is released first, with stage one acting as the loader. Decryption occurs so that the next-stage loader can run, and this continues until stage three, where a kernel seed is sent into the framework. That in turn unlocks stage four, where kernels are sent out into more computers and more security is unlocked, until the last stage. The last stage is considered the payload, where all the sensitive material is unlocked and shared with the hacker.