The crypto world faces another security threat, a Trojan that focuses only on the theft of cryptocurrency-related data.
A remote access Trojan (RAT) dubbed InnfiRAT, written in .NET, is said to be capable of stealing sensitive data through phishing emails that contain malicious attachments.
The Trojan operates by landing on a vulnerable machine, making copies of itself and hiding them in the AppData directory, and then writing a Base64-encoded PE file in memory in order to become fully functional.
The malware has several anti-analysis measures: if it recognizes that it is running in a sandbox, it terminates itself; if not, it collects data about the compromised machine. InnfiRAT also terminates itself once it discovers processes belonging to process-monitoring tools such as Process Hacker and Process Monitor.
InnfiRAT can process a number of commands, but the infiltrators have directed it to focus only on crypto wallets and cookie information from web browsers.
"InnfiRAT also grabs browser cookies to steal stored usernames and passwords, as well as session data. In addition, this RAT has Screenshot functionality so it can grab information from open windows," said Zscaler ThreatLabZ, which recently came across this new RAT.
© 2021 CIO Bulletin. All rights reserved.