InnfiRAT Malware Stalks Your Computer to Steal Cryptocurrency Wallet Data

by Wayne Jones - 11:18 AM Sep 14, 2019

Zscaler has announced the discovery of a new, emerging malware family, InnfiRAT, that steals cryptocurrency wallet data.

Zscaler is a cybersecurity firm focused on securing internet access for corporate networks.

In its blog post, the firm stated that the malware possesses capabilities similar to many standard Trojans. Its distinguishing feature is that it lies in wait on infected systems for cryptocurrency wallet authorizations.

The Zscaler ThreatLabZ team disclosed that the new RAT is written in .NET and designed to perform specific tasks on an infected machine. It is likely to spread through phishing emails containing malicious attachments or through drive-by downloads.

How the Malware Works

InnfiRAT is programmed to access and steal personal information on a user's computer. Among other functions, the malicious code looks for cryptocurrency wallet information, such as Bitcoin and Litecoin wallet data. It then siphons off existing data that can be used to compromise these wallets and potentially steal virtual currency.

InnfiRAT also snatches browser cookies to steal stored usernames and passwords, as well as session data. Moreover, this RAT has screenshot functionality and can thus capture data from open windows.

More seriously, the malware can also detect a "sandbox" environment, a setup commonly used by cybersecurity researchers when reverse-engineering malware.

If a sandbox is found, the malware terminates to avoid detection; if not, it continues to execute and steal data.

Rising Cases of Crypto Malware

Despite the complexity of crypto technology, it remains a target for cybercriminals. InnfiRAT is just one of the many forms of malware that cyber attackers are now using against the crypto community.

Recently, cybersecurity researchers discovered a new variant of crypto-mining malware that targets Apple Mac users. This malware, known as Bird Miner, operates by emulating Linux on the Mac.

Malwarebytes stated in a blog post that the malware, detected as OSX.BirdMiner, was found in a cracked installer for Ableton Live 10, software used in music production.

Another recent malware variant, PsiXBot, is configured for the theft of data and cryptocurrency. It was spotted in its revamped form on September 10, 2019, and can now abuse Google's DNS over HTTPS service.

It also uses hex-encoded links to perform DNS requests that deliver infection commands, which begin with a system check.

Author's Thoughts

Crypto-malware is able to lurk undetected, extort victims, and access a variety of information, such as data related to lucrative cryptocurrency holdings.

Unfortunately, cases of crypto-jacking are on the rise, and cybercrime masterminds are polishing their techniques and inventing better ways to get around the security mechanisms put in place by crypto platforms.

Therefore, it is crucial that the crypto community stays vigilant and takes note of all the red flags when downloading apps or software onto the devices they use to transact in crypto.

About The Author
Wayne Jones

I am Wayne, a blockchain enthusiast and expert in crypto trading. Currently, I cover trending issues on digital currencies.
