Kaspersky says it has uncovered a new malware infection that is able to decode encrypted TLS traffic without the need to intercept or manipulate it.
Known as Reductor, the malware was spotted in April of this year and is believed to be the work of an espionage-focused hacking crew known as Turla. The malware is thought to be connected to an earlier trojan called ‘COMpFun’.
What makes Reductor unique, says Kaspersky’s team, is its ability to manipulate TLS certificates. This, in turn, allows the infection to present other malware installers as legitimate software.