Security Team Uncovers InnfiRAT Remote Access Trojan (RAT) Designed to Steal Bitcoin Wallet Data
Zscaler ThreatLabZ released a report on September 12, 2019, noting that security researchers had uncovered a RAT (Remote Access Trojan) that was targeting BTC wallets. Dubbed InnfiRAT, the RAT had been designed to perform a broad array of tasks, such as infecting the target machine and, more specifically, seeking information on available Litecoin (LTC) and Bitcoin (BTC) wallets.
A Multi-Pronged Outbreak On Affected Computer Systems
The researchers went on to note that the RAT had been written using the .NET software framework, which was introduced by software giant Microsoft. Developers normally use it to create a wide range of computer applications.
This particular malware had been designed to infiltrate computer systems and steal all the personal information held on the infected machine. It stole the data by grabbing browser cookies. The cookies would then be used to steal the usernames and passwords already stored on that computer, including the session data.
InnfiRAT was also capable of taking screenshots as a user continued working on their machine. Screenshots taken from open windows are in many cases used to establish what a user is doing or viewing at the time of capture. Running applications were also targeted by the malware.
When the RAT had collected all the data available on the system, it would then send it to a C&C (command-and-control) server. It would then proceed to request further instructions from the server. Some of these instructions involved downloading and installing new payloads into the system that had already been compromised.
The security researchers went as far as providing a demonstration, using a code sample, of how the RAT was able to obtain information pertaining to BTC wallets.
Exercise Caution Against Unknown Sources
When concluding their presentation, the security researchers cautioned computer users and advised them to be wary of installing programs from untrusted sources. They stated that there was a prevalence of RATs that can easily compromise users' computer systems. Apart from stealing information, some of the malware applications were designed to log keystrokes, format disk drives, and even activate the webcam remotely.