Researchers uncovered a malware sample called iTranslator that installs two drivers onto an infected machine to perform a man-in-the-middle (MitM) attack.

According to FortiGuard Labs, the malware sample, called itranslator_02.exe, is signed by a digital certificate that expired back in 2015.

This instance starts off by creating a folder called “itranslator” in the program-data folder and extracting a file named wintrans.exe into that folder. The file initializes by installing iTranslatorSvc, a driver that enables the malware to load at system startup. Next, wintrans.exe installs another driver called “iNetfilterSvc” before downloading “iTranslator.dll.”

This dynamic link library (DLL) acts as the main malware module. It installs a secure sockets layer (SSL) certificate into web browsers as trusted root certificates without the victim’s permission, communicates with the two drivers iNetfilterSvc and iTranslatorSvc, and monitors the internet access packets from a victim’s web browsers. These functions support iTranslator’s performance of a MitM attack on a compromised system, thereby empowering the attackers to steal sensitive information.

What Are the Elements of a MitM Attack?

As noted by Incapsula, a successful MitM attack consists of two elements: the interception of user traffic before it reaches its destination and the decryption of SSL traffic without alerting the user. Bad actors have several methods, such as IP spoofing and SSL hijacking, that allow them to fulfill both of these stages.

Online criminals are also embedding these tactics into different kinds of threats. Kaspersky Lab researchers noted that they discovered MitM capabilities in malicious Google Chrome extensions. According to Cisco Talos, meanwhile, the advanced Internet of Things (IoT) botnet malware VPNFilter also had a module for conducting MitM attacks.

How to Protect Against Malware Like iTranslator

For computers infected with iTranslator, FortiGuard Labs advised security professionals to delete the files and folders created by the malware. In general, organizations can defend themselves against MitM attacks by implementing a layered defense strategy that combines traditional, file-based security with machine learning, threat detection sandboxing and next-generation endpoint protection.

Sources: FortiGuard Labs, Incapsula, Securelist, Cisco Talos

More from

Vulnerability resolution enhanced by integrations

2 min read - Why speed is of the essence in today's cybersecurity landscape? How are you quickly achieving vulnerability resolution?Identifying vulnerabilities should be part of the daily process within an organization. It's an important piece of maintaining an organization’s security posture. However, the complicated nature of modern technologies — and the pace of change — often make vulnerability management a challenging task.In the past, many organizations had to support manual integration work to get different security systems to ‘talk’ to each other. As…

How I got started: SIEM engineer

2 min read - As careers in cybersecurity become increasingly more specialized, Security Information and Event Management (SIEM) engineers are playing a more prominent role. These professionals are like forensic specialists but are also on the front lines protecting sensitive information from the relentless onslaught of cyber threats. SIEM engineers meticulously monitor, analyze and manage security events and incidents within an organization. They leverage SIEM tools to aggregate and correlate data, enabling them to detect anomalies, identify potential threats and respond swiftly to security…

Tequila OS 2.0: The first forensic Linux distribution in Latin America

3 min read - Incident response teams are stretched thin, and the threats are only intensifying. But new tools are helping bridge the gap for cybersecurity pros in Latin America.IBM Security X-Force Threat Intelligence Index 2023 found that 12% of the security incidents X-force responded to were in Latin America. In comparison, 31% were in the Asia-Pacific, followed by Europe with 28%, North America with 25% and the Middle East with 4%. In the Latin American region, Brazil had 67% of incidents that X-Force…

Cost of a data breach 2023: Geographical breakdowns

4 min read - Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data Breach Report 2023 looked at 553 organizations of various sizes across 16 countries and geographic regions, and 17 industries. In the report, the top five costs of a data breach by country or region (measured in USD millions) for 2023…