silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,048
Researchers have documented the emergence of a new Trojan that specializes in the theft of cryptocurrency-related data.
Dubbed InnfiRAT, the malware includes many standard Trojan capabilities but will specifically lurk on infected systems in the quest for cryptocurrency wallet credentials.
In a blog post, cybersecurity firm zScaler said on Thursday that InnfiRAT, written in .NET, is likely spread through phishing emails containing malicious attachments or drive-by downloads.
Once it lands on a vulnerable machine, the malware will make a copy of itself and hide it in the AppData directory before writing a Base64 encoded PE file in memory to execute the main functionality of the Trojan.
InnfiRAT will first look for indicators of a sandbox environment, a common setup used by cybersecurity researchers when reverse-engineering malware samples. If found, the malware will terminate; if not, then the payload continues to execute.
System data, including the country of the machine, processor type, PC vendor, name, and cache size is scraped. InnfiRAT will then contact its command-and-control (C2) server, transfer the stolen machine information, and await further instructions.
InnfiRAT malware lurks in your machine to steal cryptocurrency wallet data
The new Trojan will also harvest information from open browser sessions.
www.zdnet.com