The clip below shows a live demonstration of how the spyware can perform a man-in-the-middle attack and infect a computer that wanted to visited a specific website.
The company’s employee shows how such an attack would work, setting mirc.com (the site of a popular IRC chat client) to be injected with malware (this is shown around 4:45 minutes in). Once the fictitious target navigates to the page, a fake Adobe Flash update installer pops up, prompting the user to click install. Once the user downloads the fake update, he or she is infected with the spyware.
“All this installation process is, in reality, is completely a fake. It’s sort of a movie,” the RCS Lab employee says in the video. “Because in reality, at this point, he’s already infected.”