Bitcoin Security

Trojan Virus Discovered That Steals Password Data from Crypto Wallets

Julio Gil-Pulgar · @gil_pulgar | Sep 19, 2019 | 13:00

---

Cybercriminals have launched a new malware conceived to steal data from crypto wallets. ThreatLabZ, a Zscaler team of security experts, has identified the malware as a RAT (Remote Access Trojan), which they named InnfiRAT.

Malware Continues to Rise

Malware using backdoors methods to gain unauthorized access to computers and other electronic appliances continue to pose a formidable threat. Malwarebytes Labs, a cybersecurity company, in its 2019 State of Malware report underscored that the two major malware categories included cryptominers and trojans. And the report predicted for 2019 the advent of new tricks and threats.

Now, Zscaler, another cyber security specialist team, has identified a new threat against the protection of privacy data. Written in the .NET programming language, InnfiRAT has been flagged as a new trojan virus designed to perform specific tasks such as stealing personal information from users’ crypto wallets. Zscaler researchers point out,

New InnfiRAT #malware steals #cryptocurrency wallet data and harvests information from open browser sessions – read details here https://t.co/j5bbyZmOrH @ZDNet @SecurityCharlie #infosec pic.twitter.com/lWp7ozSi1P

— AT&T Cybersecurity (@attcyber) September 13, 2019

Among other things, InnfiRAT is written to look for cryptocurrency wallet information, such as Bitcoin and Litecoin. InnfiRAT also grabs browser cookies to steal stored usernames and passwords, as well as session data.

Moreover, innfiRAT uses its Screenshot functionality to extract information from open windows while checking other applications running on the targeted system. It even checks active antivirus programs.

Then, according to the researchers, the RAT transmits the stolen data to its command-and-control center and waits for further instructions. These instructions, for example, could direct the RAT to download additional information from the targeted computer.

Crypto Users Targeted Again

For members of the crypto community, cybersecurity threats involving backdoor methods are not new. For example, in October 2018, Thomas Reed, Director of Mac & Mobile, at Malwarebytes, reported about the Mac cryptocurrency “ticker” app. once launched it infected two open-source broad-spectrum backdoors: EvilOSX and EggShell.

The aim of this malware has not been identified. Nevertheless, Reed believes, most likely, the malware was designed to steal digital coins from cryptocurrency wallets.

Cybercriminals spread most computer viruses via email attachments. Thus, Zscaler’s ThreatLabZ security team reiterates best practices for email attachments, “as always, refrain from downloading programs or opening attachments that aren’t from a trusted source.”

What do you think about the threats to crypto wallets posed by InffiRAT? Let us know in the comments!

___________________________________________________________________

Images via Shutterstock, Twitter @attcyber