Another RAT is on the loose

A new Remote Access Trojan (RAT) malware which steals your Crypto has been detected

Hot wallets & the rest of today's cryptocurrency infrastructure are exposed to hacks, scams & unexpected losses. In the first six months of 2019 alone, cryptocurrency thefts, scams & fraud worldwide led to losses of approximately $4.26 billion. Although insider thefts were the biggest single contributor according to the CipherTrace report, external threats are on the rise as well.

That's a massive 4.5x increase from the previous year (chart below). It is imperative, therefore, that proper safety checks are in place on the business side as well as the client side to avoid these losses. One of the easiest ways for an attacker to get at your digital data is a Remote Access Trojan (RAT).

To explain it simply: the RAT gets planted on the victim's computer, and once running it connects back to the attacker's server. The attacker then has a remote session on the machine, with the same access to files, credentials and applications as the logged-in user. One such RAT was recently analysed by security researchers at Zscaler ThreatLabZ; it is built to steal Bitcoin wallet data.

Dubbed InnfiRAT, the trojan is written on the .NET framework, a Microsoft-developed platform used to build a wide spectrum of applications. A practical consequence for defenders is that a .NET assembly decompiles back to near-source C# with standard tools such as ILSpy or dnSpy, which is how analysts typically document capabilities like the ones listed below. InnfiRAT, like other malware, is programmed to perform specific tasks on an infected machine. Apart from stealing personal information found on the computer, it is designed specifically to look for cryptocurrency wallet data, such as Bitcoin and Litecoin wallets.

The malware has further capabilities: it grabs browser cookies to steal stored usernames, passwords and session data, and its screenshot function lets it capture whatever is visible in open windows. It also enumerates other software running on the machine. Once done, it sends all of the collected data to its command-and-control (C&C) server and waits for further instructions, which can include downloading additional malware onto the system.
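The wallet and cookie theft described in the two paragraphs above leaves a simple host-side trace: a process that is not the wallet application or the browser opens the wallet file or the cookie database. The following detection logic is an added illustration and is not code from Zscaler or from the InnfiRAT sample. It runs over constructed file-access events in a simplified CSV shape (timestamp, process image, pid, path) rather than the format of any particular logging tool; the file locations are the real defaults for Bitcoin Core, Litecoin Core, Chrome and Firefox, while the process names in EXPECTED_READERS are an assumed baseline that you would tune for your own fleet.

```python
"""Flag processes that read cryptocurrency wallet files or browser cookie
databases without being the application that owns them.

Added example for illustration; not code from the page's author, Zscaler,
or the InnfiRAT sample.  Events and process names below are constructed.
"""
import csv
import io
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Known target files, matched case-insensitively against the end of the path.
# Bitcoin Core / Litecoin Core keep the wallet under %APPDATA%; Chrome keeps
# its cookie store under the profile directory (newer builds in a Network\
# subfolder); Firefox keeps cookies.sqlite inside each profile folder.
TARGETS: Tuple[Tuple[str, "re.Pattern[str]"], ...] = (
    ("wallet",  re.compile(r"\\appdata\\roaming\\(bitcoin|litecoin)\\wallet\.dat$")),
    ("cookies", re.compile(r"\\google\\chrome\\user data\\[^\\]+\\(network\\)?cookies$")),
    ("cookies", re.compile(r"\\mozilla\\firefox\\profiles\\[^\\]+\\cookies\.sqlite$")),
)

# Assumed baseline of processes allowed to touch each category of file.
# Tune to the software actually deployed on your endpoints.
EXPECTED_READERS = {
    "wallet":  {"bitcoin-qt.exe", "bitcoind.exe", "litecoin-qt.exe", "litecoind.exe"},
    "cookies": {"chrome.exe", "firefox.exe"},
}


@dataclass(frozen=True)
class Alert:
    timestamp: str
    image: str      # executable name only, e.g. "svchost.exe"
    pid: int
    path: str       # the sensitive file that was opened
    category: str   # "wallet" or "cookies"


def classify_path(path: str) -> Optional[str]:
    """Return the target category for a path, or None if it is not sensitive."""
    normalised = path.replace("/", "\\").lower()
    for category, pattern in TARGETS:
        if pattern.search(normalised):
            return category
    return None


def parse_events(text: str) -> Iterator[Tuple[str, str, int, str]]:
    """Yield (timestamp, process image path, pid, file path) from CSV text."""
    for row in csv.DictReader(io.StringIO(text)):
        yield row["timestamp"], row["process"], int(row["pid"]), row["path"]


def find_suspicious_access(text: str) -> List[Alert]:
    """Return one Alert per access to a target file by an unexpected process."""
    alerts: List[Alert] = []
    for ts, process, pid, path in parse_events(text):
        category = classify_path(path)
        if category is None:
            continue
        image = process.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if image in EXPECTED_READERS[category]:
            continue
        alerts.append(Alert(ts, image, pid, path, category))
    return alerts


# Constructed sample: the legitimate wallet and browser open their own files,
# then a binary masquerading as svchost.exe from a Temp folder reads both
# wallets and the Firefox cookie store (the pattern described in the text).
SAMPLE_EVENTS = """timestamp,process,pid,path
2019-09-10T08:01:12Z,C:\\Program Files\\Bitcoin\\bitcoin-qt.exe,4120,C:\\Users\\alice\\AppData\\Roaming\\Bitcoin\\wallet.dat
2019-09-10T08:02:40Z,C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,5210,C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\Cookies
2019-09-10T08:03:05Z,C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe,6632,C:\\Users\\alice\\AppData\\Roaming\\Bitcoin\\wallet.dat
2019-09-10T08:03:06Z,C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe,6632,C:\\Users\\alice\\AppData\\Roaming\\Litecoin\\wallet.dat
2019-09-10T08:03:09Z,C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe,6632,C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\k2x9a.default\\cookies.sqlite
2019-09-10T08:04:00Z,C:\\Windows\\System32\\notepad.exe,7001,C:\\Users\\alice\\Documents\\notes.txt
"""

if __name__ == "__main__":
    for alert in find_suspicious_access(SAMPLE_EVENTS):
        print(f"{alert.timestamp} pid={alert.pid} {alert.image} read {alert.category}: {alert.path}")
```

On the constructed sample this yields three alerts, all for pid 6632. The rule keys on the file being opened rather than on the malware's own name or hash, so it still fires when the binary is renamed or recompiled, which matters for a family written in an easily rebuilt language like .NET; the trade-off is that backup agents and similar legitimate readers must be added to the baseline to keep the noise down.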

RATs are becoming a common occurrence. Zscaler ThreatLabZ had earlier reported a new multi-layered RAT being sold on the dark web: called Saefko, it was also written on the .NET framework and had multiple functionalities.

A Remote Access Trojan is itself the backdoor; it still has to be planted first, most commonly by a user opening a malicious email attachment or running a download that carries the malware. The best client-side defence is therefore not to open unexpected attachments, even when the sender looks familiar, since sender addresses are easily spoofed, and not to install any application that does not clearly come from a trusted source. For wallets specifically, keeping private keys on a hardware wallet or otherwise off the everyday machine means that even a successful infection finds nothing worth stealing.