Malware dubbed InnfiRAT, written in .NET, has been found by ThreatLabZ’s researchers. It can steal browser cookies that expose sensitive data such as usernames and passwords.
How it operates
According to the research, the malware can easily access browser cookies and, through them, crucial information like usernames and passwords. It specifically searches for Bitcoin (there was also a similar case recently) and Litecoin.
Additionally, InnfiRAT spies on users by taking screenshots. This feature leaks critical information that may not have been obtainable using the preceding methods. InnfiRAT operates by infecting a targeted device, then making copies of itself and scanning for a VM environment. If a sandbox is detected, the malware terminates; otherwise, it carries on with the process.
The command and control center receives the stolen information and issues additional instructions.
In conclusion, the malware only gains access if a user makes a mistake. Such mistakes include opening email attachments from untrusted sources, running macros in MS Office, or visiting malicious websites.
Therefore, users should guard their computers by running good antivirus software.
Two sides of a coin
The news is not surprising, bearing in mind that there have been frequent hacks of exchanges.
The increasing popularity and value of Bitcoin and other cryptocurrencies have also attracted scammers and other criminals, revealing the dark side of the rise of cryptocurrency. Accordingly, the number of crypto-related scams and thefts has increased over the years.
Weeks ago, there were reports about crypto-jacking malware that became dangerous, mining Monero and stealing data.
In June, Black Squid was discovered. The malware is a form of crypto-jacking that uses a computer’s energy source to illegally mine cryptocurrency without the user’s knowledge.
You can find out more about InnfiRAT here.