Cryptocurrencies have made fortunes for quite a few people. It all started in 2009 and the couple of years that followed, when some users purchased Bitcoin and ended up hitting the jackpot after holding it for long periods.
However, more people are known for getting their coins stolen, which is no surprise given that exchanges are frequently hacked. In line with this, Zscaler’s ThreatLabZ team has recently discovered a remote administration tool (RAT) that is designed to find cryptocurrency wallets and steal their information.
For the unacquainted, users store their cryptocurrencies in a wallet, which is deemed hot if it is connected to the internet and cold if it is not. While the latter is always safe from remote access, the former may not be. Moreover, access to a single wallet may be very rewarding today, as multi-coin storage capabilities have been added that allow one to store a variety of cryptocurrencies in one place.
Dubbed InnfiRAT and written in .NET, the malware can also steal browser cookies, resulting in the compromise of sensitive data such as usernames and passwords. It also looks for Bitcoin and Litecoin. Furthermore, it contains screenshot functionality, a standard feature of such tools that can be used to spy on users and to capture critical information that may not be obtainable through the preceding methods.
According to Zscaler’s blog post, after infecting a targeted device InnfiRAT makes copies of itself and scans for a VM environment. If the device has a sandbox installed, the malware terminates itself; otherwise it carries on with the process. After the information has been collected, it sends it to its command and control (C&C) center, which may issue additional instructions and direct the RAT for the entirety of its time on the infected device.
To conclude, users are usually infected by it through – you guessed it – their own mistakes. Negligent acts such as opening email attachments from untrusted sources, allowing macros to run unrestricted in MS Office, or even visiting malicious websites can all get you in trouble.
Hence, the best way to guard your computer is to run good anti-virus software and to stay on the safe side by not taking unnecessary risks when it comes to trusting strangers on the internet.