Researchers say Reductor is being used for cyber espionage on diplomatic entities that are part of the Commonwealth of Independent States. Researchers said Reductor has close ties to the COMpfun trojan, a Russian-speaking advanced persistence threat group Turla (a.k.a. Snake, Venomous Bear, Waterbug and Uroboros) The most recent wave of Reductor infections began in April 2019 and have continued through the release of Kaspersky s research report on Thursday. Researchers concluded that the replacement of the software installer happens on the fly.
Source: https://threatpost.com/new-reductor-malware-hijacks-https-traffic/148904/