New Malware Threat ‘InnfiRAT’ Can Steal Cryptocurrency Wallet Data

   2019-09-19 23:09

What is InnfiRAT?



Cybersecurity researchers have recently discovered a new type of Trojan that specializes in the theft of cryptocurrency wallet data. Named InnfiRAT, this malware stays hidden in the background on the targeted machine, collecting data while the user is unaware. Not only does it search for cryptocurrency wallet details, but it also has all the capabilities of a typical Trojan.

The research and cybersecurity firm Zscaler stated in a blog post that InnfiRAT is written in .NET and is likely to spread through phishing emails containing malicious attachments or through drive-by downloads. This means that you must be extremely careful online and not click any links that look suspicious.

How Does it Work?

Once downloaded, the malware makes a copy of itself and hides it in the AppData directory. Once inside, the Trojan writes a Base64-encoded PE file into memory so that it can execute its main functionality.
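As a defender's illustration of the Base64-encoded PE file described above, the following added example (not code from Zscaler or from the malware itself) scans a buffer for Base64 runs that decode to a PE header. The function names and the header-only sample stub are constructed here for the example.

```python
import base64
import re
import struct

# Base64 of the two-byte "MZ" DOS magic always starts with "TV" followed by
# o, p, q or r (the top two bits of the file's third byte decide which).
B64_RUN = re.compile(rb"TV[opqr][A-Za-z0-9+/]{60,}={0,2}")


def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range e_lfanew yields an empty slice, so this is safe.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_embedded_pe(blob: bytes):
    """Return (offset, decoded_length) for each Base64 run that decodes to a PE.

    decoded_length is a lower bound: the run is trimmed to whole 4-character
    groups so that a truncated or unpadded run still decodes.
    """
    hits = []
    for m in B64_RUN.finditer(blob):
        run = m.group().rstrip(b"=")
        run = run[: len(run) - len(run) % 4]
        decoded = base64.b64decode(run, validate=True)
        if looks_like_pe(decoded):
            hits.append((m.start(), len(decoded)))
    return hits


def constructed_sample() -> bytes:
    """Constructed input: a 256-byte header-only stub (not a working program)."""
    stub = bytearray(0x100)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)   # e_lfanew -> offset 0x80
    stub[0x80:0x84] = b"PE\0\0"
    return b'cfg = "' + base64.b64encode(bytes(stub)) + b'"; end'


if __name__ == "__main__":
    for offset, size in find_embedded_pe(constructed_sample()):
        print(f"Base64-encoded PE at offset {offset}, at least {size} bytes decoded")
```

The same check can be run over script files, configuration blobs or process memory dumps; a hit is a reason to inspect the decoded bytes, not proof of this particular family.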

The first step of InnfiRAT is extremely smart: it looks for a sandbox environment. This is a test environment that researchers use to reverse engineer malware in a safe space, so the original machine isn’t affected. If the Trojan finds this, it will terminate it immediately, making the original machine vulnerable. Once this has run successfully, data on the PC, such as the vendor of the machine, its name, processor, etc., is sent to the bad actor's server. Finally, InnfiRAT waits patiently for instructions from the attacker.

As cryptocurrency grows in popularity, malware like this, which scans targeted machines for information relating to cryptocurrency, continues to rise. Bitcoin and Litecoin are amongst the most popular wallet searches by InnfiRAT, and any data found, such as private keys, will be used to gain access to them. Although stolen cryptocurrency is a lot harder to track than traditional fiat, it is not impossible, as everything on the blockchain is recorded on an immutable ledger.

