October 12, 2018 By David Bisson 2 min read

Researchers uncovered a malware sample called iTranslator that installs two drivers onto an infected machine to perform a man-in-the-middle (MitM) attack.

According to FortiGuard Labs, the malware sample, called itranslator_02.exe, is signed by a digital certificate that expired back in 2015.

This instance starts off by creating a folder called “itranslator” in the program-data folder and extracting a file named wintrans.exe into that folder. The file initializes by installing iTranslatorSvc, a driver that enables the malware to load at system startup. Next, wintrans.exe installs another driver called “iNetfilterSvc” before downloading “iTranslator.dll.”

This dynamic link library (DLL) acts as the main malware module. It installs a secure sockets layer (SSL) certificate into web browsers as trusted root certificates without the victim’s permission, communicates with the two drivers iNetfilterSvc and iTranslatorSvc, and monitors the internet access packets from a victim’s web browsers. These functions support iTranslator’s performance of a MitM attack on a compromised system, thereby empowering the attackers to steal sensitive information.

What Are the Elements of a MitM Attack?

As noted by Incapsula, a successful MitM attack consists of two elements: the interception of user traffic before it reaches its destination and the decryption of SSL traffic without alerting the user. Bad actors have several methods, such as IP spoofing and SSL hijacking, that allow them to fulfill both of these stages.

Online criminals are also embedding these tactics into different kinds of threats. Kaspersky Lab researchers noted that they discovered MitM capabilities in malicious Google Chrome extensions. According to Cisco Talos, meanwhile, the advanced Internet of Things (IoT) botnet malware VPNFilter also had a module for conducting MitM attacks.

How to Protect Against Malware Like iTranslator

For computers infected with iTranslator, FortiGuard Labs advised security professionals to delete the files and folders created by the malware. In general, organizations can defend themselves against MitM attacks by implementing a layered defense strategy that combines traditional, file-based security with machine learning, threat detection sandboxing and next-generation endpoint protection.

Sources: FortiGuard Labs, Incapsula, Securelist, Cisco Talos

More from

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

What Telegram’s recent policy shift means for cyber crime

4 min read - Since its launch in August 2013, Telegram has become the go-to messaging app for privacy-focused users. To start using the app, users can sign up using either their real phone number or an anonymous number purchased from the Fragment blockchain marketplace. In the case of the latter, Telegram cannot be linked to the user’s real phone number or any other personally identifiable information (PII).Telegram has also long been known for its hands-off moderation policy. The platform explicitly stated in its…

Skills shortage directly tied to financial loss in data breaches

2 min read - The cybersecurity skills gap continues to widen, with serious consequences for organizations worldwide. According to IBM's 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year.And that's expensive. This skills deficit adds an average of $1.76 million in additional breach costs.The shortage spans both technical cybersecurity skills and adjacent competencies. Cloud security, threat intelligence analysis and incident response capabilities are in high demand. Equally…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today