The crypto world faces another security threat, a Trojan that focuses only on the theft of cryptocurrency-related data.
A remote access Trojan (RAT) dubbed InnfiRAT, written in .NET, is said to be capable of stealing sensitive data through phishing emails that contain malicious attachments.
After landing on a vulnerable machine, the Trojan makes copies of itself and hides them in the AppData directory, then writes a Base64-encoded PE file in memory in order to become fully functional.
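A defender can hunt for the Base64-encoded PE described above by scanning a file or memory dump for Base64 runs that decode to an MZ/PE header. This is an added example, not code from the article or from Zscaler; the function names are hypothetical and the sample stub is constructed. It assumes the string may be stored as ASCII or as UTF-16LE, the encoding .NET uses for string literals.

```python
import base64
import re
import struct

# Base64 of any buffer starting with "MZ" begins with "TV" plus one of o/p/q/r.
ASCII_RUN = re.compile(rb"TV[opqr][A-Za-z0-9+/]{100,}")
WIDE_RUN = re.compile(rb"T\x00V\x00[opqr]\x00(?:[A-Za-z0-9+/]\x00){100,}")


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def _decode(run: bytes) -> bytes:
    if len(run) % 4 == 1:  # a single stray character cannot encode a byte
        run = run[:-1]
    return base64.b64decode(run + b"=" * (-len(run) % 4))


def find_base64_pe(blob: bytes) -> list[tuple[int, str, int]]:
    """Return (offset, encoding, decoded_size) for each run that decodes to a PE."""
    hits = []
    for name, rx, step in (("ascii", ASCII_RUN, 1), ("utf-16le", WIDE_RUN, 2)):
        for m in rx.finditer(blob):
            decoded = _decode(m.group()[::step])  # step 2 drops UTF-16 null bytes
            if is_pe(decoded):
                hits.append((m.start(), name, len(decoded)))
    return sorted(hits)


def make_sample_pe() -> bytes:
    """Constructed 96-byte stub: MZ header plus PE signature, not a real program."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(header) + b"PE\x00\x00" + bytes(28)


if __name__ == "__main__":
    b64 = base64.b64encode(make_sample_pe())
    print(find_base64_pe(b"junk:" + b64 + b"\n"))
```

A greedy run can extend past the real end of the encoded string when it is followed by other Base64-alphabet characters, so treat the reported size as an upper bound.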
The malware has several anti-analysis measures: if it recognizes that it is running in a sandbox, it terminates itself, or it collects data about the compromised machine. InnfiRAT also terminates itself once it detects the process of a process-monitoring tool such as Process Hacker or Process Monitor.
InnfiRAT can process a number of commands, but the infiltrators have directed it to focus only on crypto wallets and cookie information from web browsers.
"InnfiRAT also grabs browser cookies to steal stored usernames and passwords, as well as session data. In addition, this RAT has Screenshot functionality so it can grab information from open windows," said Zscaler ThreatLabZ, which recently came across this new RAT.