Another piece of malware aimed at cryptocurrency has made the news. Dubbed InnfiRAT, the malware behaves like a typical Trojan but specifically steals cryptocurrency wallet data.
InnfiRAT Malware – A New Crypto Stealer
Researchers from Zscaler ThreatLabZ have discovered a new RAT, named InnfiRAT. The malware is primarily a cryptostealer, aiming to steal cryptocurrency-related data such as wallet addresses; nonetheless, it also has the other capabilities of a typical Trojan.
In their blog post, the researchers describe InnfiRAT as .NET malware that attempts to evade analysis by checking for a sandbox environment on the target machine. Once on the device, it carries out various operations to steal personal information as well as cryptocurrency-related data.
In addition, the malware grabs browser cookies to steal saved login credentials. It also takes screenshots of the user's activity and tries to kill unwanted processes such as antivirus software.
Upon entering the machine, the malware shares the device information with its C&C server to receive further instructions. These details include device manufacturer, Processor ID, number of cores, number of logical processors, Device ID, serial number, and other such information. This information is gathered as part of the RAT’s anti-VM checks.
The malware also scans the running processes and kills any whose name matches its predefined list of strings, such as "taskmgr", "processhacker", "chrome", "browser", "firefox", "opera" and others. It also constructs a CMD command for scheduled execution, and routinely gathers the device's profile details and sends them to the C&C.
Alongside these functions, InnfiRAT also looks for the files "%AppData%\Litecoin\wallet.dat" or "%AppData%\Bitcoin\wallet.dat" on the system. If found, the malware steals the data in order to compromise the wallets and take the Bitcoin or Litecoin funds.
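The two behaviours described above, killing analysis tools and browsers from a fixed name list and reading wallet.dat under %AppData%, can be correlated per process in endpoint telemetry. The following detection logic is an added example, not code from the article or from Zscaler; the pipe-delimited log format, the host names and the process names in the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Process-name strings the article says InnfiRAT matches when choosing
# processes to kill (analysis tools and browsers).
KILL_LIST = {"taskmgr", "processhacker", "chrome", "browser", "firefox", "opera"}

# Wallet files the article says the RAT looks for; matched case-insensitively
# with either slash style.
WALLET_RE = re.compile(r"%appdata%[\\/](bitcoin|litecoin)[\\/]wallet\.dat$", re.I)

# Constructed telemetry format (an assumption, not a real product's schema):
#   host|actor_process|event|target
# event is "process_kill" (target = image killed) or "file_read" (target = path).
SAMPLE_LOG = """\
ws01|svchost.exe|file_read|C:\\Windows\\System32\\drivers\\etc\\hosts
ws01|updater.exe|process_kill|taskmgr.exe
ws01|updater.exe|process_kill|ProcessHacker.exe
ws01|updater.exe|file_read|%AppData%\\Bitcoin\\wallet.dat
ws02|explorer.exe|process_kill|chrome.exe
ws02|bitcoin-qt.exe|file_read|%AppData%\\Bitcoin\\wallet.dat
"""

def parse(log):
    for line in log.splitlines():
        if line.strip():
            host, actor, event, target = line.split("|", 3)
            yield host, actor, event, target

def killed_listed_process(target):
    name = target.lower().removesuffix(".exe")
    return any(s in name for s in KILL_LIST)

def score_actors(log):
    """Return {(host, actor): {"kills": n, "wallet_reads": n}} for actors with hits."""
    stats = defaultdict(lambda: {"kills": 0, "wallet_reads": 0})
    for host, actor, event, target in parse(log):
        if event == "process_kill" and killed_listed_process(target):
            stats[(host, actor)]["kills"] += 1
        elif event == "file_read" and WALLET_RE.search(target):
            stats[(host, actor)]["wallet_reads"] += 1
    return dict(stats)

def suspicious_actors(log, min_kills=2):
    """Flag actors that both kill >= min_kills listed processes and read a wallet.dat.
    Requiring both keeps a legitimate wallet client reading its own wallet.dat, or a
    user closing a browser, from being flagged on its own."""
    return sorted(k for k, s in score_actors(log).items()
                  if s["kills"] >= min_kills and s["wallet_reads"] > 0)

if __name__ == "__main__":
    for host, actor in suspicious_actors(SAMPLE_LOG):
        print(f"{host}: {actor} shows InnfiRAT-like behaviour")
```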
How To Stay Safe
Like most RATs, InnfiRAT can infect a machine via phishing emails or malicious apps. Therefore, the primary defence against such malware attacks is to stay wary of scam emails.
Let us know your thoughts in the comments.