InnfiRAT malware lurks in your machine to steal cryptocurrency wallet data

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,048
Researchers have documented the emergence of a new Trojan that specializes in the theft of cryptocurrency-related data.
Dubbed InnfiRAT, the malware includes many standard Trojan capabilities but will specifically lurk on infected systems in the quest for cryptocurrency wallet credentials.
In a blog post, cybersecurity firm zScaler said on Thursday that InnfiRAT, written in .NET, is likely spread through phishing emails containing malicious attachments or drive-by downloads.
Once it lands on a vulnerable machine, the malware will make a copy of itself and hide it in the AppData directory before writing a Base64 encoded PE file in memory to execute the main functionality of the Trojan.
InnfiRAT will first look for indicators of a sandbox environment, a common setup used by cybersecurity researchers when reverse-engineering malware samples. If found, the malware will terminate; if not, then the payload continues to execute.
System data, including the country of the machine, processor type, PC vendor, name, and cache size is scraped. InnfiRAT will then contact its command-and-control (C2) server, transfer the stolen machine information, and await further instructions.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top