S5Mark – Rootkit Disguised as VPN Infects Windows 10 Devices

It seems like the Internet is never without its share of threats. News has recently broken that S5Mark, a rootkit disguised as a VPN, has been infecting Windows 10 devices. What exactly is a rootkit? How does it infect your computer, and what can you do to stay safe?

Threats are Multifarious!

There are threats like government and security agencies and Internet service providers snooping on users and secretly stealing their information. And then there are threats like hackers, cybercriminals, and malware, which can damage your device and steal your identity.  

The threats seem to be rising with every passing day, and Internet users are constantly in search of solutions that will protect them and keep their data safe online. But there is no foolproof solution.

A very popular tool for internet safety is a virtual private network. A VPN is a software program that needs to be downloaded and installed on the device, and it protects users by transmitting all traffic through a secure tunnel.  

The traffic in the tunnel is encrypted, so the transmitted data is readable only by the user and the secure VPN server.

No one else can get into the network, and even if they do, the encrypted traffic is unreadable to them. Even Internet service providers cannot spy on you if you use a VPN.

But it turns out that even VPNs aren’t the safest solution, despite their popularity. There are various threats associated with them, the most recent one being a rootkit disguised as a VPN.

If you’re looking for a VPN, make sure you only sign up with premium VPN service providers which safeguard your online privacy and security.

What is a Rootkit?

A rootkit is a form of malware which is often unintentionally downloaded by users on their devices. Once downloaded, this malware gives unauthorized users access to the device and the data on it.

The Zacinlo rootkit has been infamous for a long time, and it has recently changed form and become more dangerous. It is now on the Internet as an anonymous “VPN” service called S5Mark, which sneaks into Windows 10 systems and can send screenshots of every user activity to its control server.

It isn’t yet definite how many systems have been infected, but it has been found that most of the systems that have been attacked were in the US and running Windows 10.

What Does It Do?

Like any malware, this rootkit wreaks havoc on your computer once downloaded! Zacinlo has been around for a long time, usually sneaking onto devices by piggybacking on freeware that claims to remove malware from your device or improve the performance of your browser.

Because the malware has been around for so long, its developers have had time to give the application very powerful features, such as:

  • Intercepting and decrypting SSL communications by sneaking into your browser and injecting custom JavaScript into web pages that you visit
  • Redirecting pages within browsers, while surreptitiously loading other pages in hidden windows in the background
  • Injecting ads into your browser
  • Taking screenshots, and sending them up to the control server
  • Detecting and disabling anti-malware solutions
  • Concealing itself by copying encrypted versions of the malware across your PC

If you think these are scary, you haven’t seen anything, because Zacinlo also has sophisticated capabilities to automatically update itself, and turn off services on your computer on command from its control server. These capabilities have been called highly modular and configurable, and can even be used to turn Zacinlo into something more dangerous.

Zacinlo first began as click fraud, where advertisements were injected into a browser with the intention of securing payments from online ad agencies. The ads that the Zacinlo rootkit downloads in the background also have the same function.

How to Be Safe

VPNs are supposed to protect data from external threats. When you use a VPN, you can rest assured that your traffic is safe and your data is encrypted.  However, not every VPN provides protection.

There are several free VPNs that actually steal user data in the name of offering protection. There are free VPNs that come with computers and smartphones, but do more harm than good. Users must be aware of such VPNs.

The Zacinlo rootkit is now infecting devices in the form of the fake S5Mark VPN, which has no real VPN function apart from a fake UI that fools people into thinking that the VPN is active. Once activated, the application downloads and installs the rest of the malware.

Unfortunately, there is no antimalware that can detect and prevent Zacinlo from being downloaded. It is the responsibility of the users to be careful about what they download.

However, if you happen to download the malware, there are security solutions that can help you get rid of it. But most of the time, users detect the malware when it has done enough harm already.

Watch out!

The best defense is to be careful about what you download on your device. There are various free applications that users download for a lot of reasons, but not all of them are safe. Whether you are downloading a game or a VPN, it is always important to verify its legitimacy before giving it access to your device.
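One way to carry out that legitimacy check on Windows 10 before running a downloaded installer is shown below. This is an added example, not part of the original article: the function name `Test-InstallerLegitimacy`, the sample path and the publisher name are hypothetical, and the expected publisher and SHA-256 are assumed to come from the vendor's official site.

```powershell
# Added example; Test-InstallerLegitimacy is a hypothetical helper name.
# ExpectedPublisher / ExpectedSha256 are values taken from the vendor's own site.
function Test-InstallerLegitimacy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher,
        [string] $ExpectedSha256
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # Common name of the signing certificate; empty when the file is unsigned.
    $signer = ''
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    }

    # Mark of the Web: browsers record the download URL in this NTFS stream.
    $motw   = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $source = ($motw | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''

    # A valid signature only proves who signed the file, so the signer must
    # also be the publisher you expected.
    $signatureValid = $sig.Status -eq 'Valid'
    $publisherMatch = $signatureValid -and ($signer -eq $ExpectedPublisher)
    $hashMatch      = if ($ExpectedSha256) { $hash -eq $ExpectedSha256.Trim() } else { $null }

    [pscustomobject]@{
        File            = $file.Name
        SignatureStatus = $sig.Status
        Signer          = $signer
        PublisherMatch  = $publisherMatch
        Sha256          = $hash
        HashMatch       = $hashMatch
        DownloadedFrom  = $source
        # True only when every check that was requested passes.
        SafeToRun       = $publisherMatch -and ($hashMatch -ne $false)
    }
}

# Usage (placeholder path and publisher, constructed for illustration):
# Test-InstallerLegitimacy -Path "$env:USERPROFILE\Downloads\vpn-setup.exe" `
#     -ExpectedPublisher 'Example VPN Ltd'
```

An unsigned file, a signer that differs from the expected publisher, or a download URL that is not the vendor's site are each reason enough not to run the installer.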

 
