The crypto world faces another security threat, a Trojan that focuses only on the theft of cryptocurrency-related data.
A remote access Trojan (RAT) dubbed InnfiRAT, which is written in .NET, is said to be capable of stealing sensitive data through phishing emails that contain malicious attachments.
Once it lands on a vulnerable machine, the Trojan makes copies of itself and hides them in the AppData directory, then writes a Base64-encoded PE file into memory in order to become fully functional.
The malware has several anti-analysis measures: if it recognizes that it is running in a sandbox, it terminates itself, or else it collects data about the compromised machine. InnfiRAT also terminates itself once it discovers that process-monitoring tools such as Process Hacker and Process Monitor are running.
InnfiRAT can process a number of commands, but the infiltrators have instead directed it to focus only on crypto wallets and cookie information from web browsers.
"InnfiRAT also grabs browser cookies to steal stored usernames and passwords, as well as session data. In addition, this RAT has Screenshot functionality so it can grab information from open windows," said Zscaler ThreatLabZ, which recently came across this new RAT.