Researchers have documented the emergence of a new Trojan that specializes in the theft of cryptocurrency-related data.
Dubbed InnfiRAT, the malware includes many standard Trojan capabilities but will specifically lurk on infected systems in the quest for cryptocurrency wallet credentials.
In a blog post, cybersecurity firm Zscaler said on Thursday that InnfiRAT, written in .NET, is likely spread through phishing emails containing malicious attachments or drive-by downloads.
Once it lands on a vulnerable machine, the malware will make a copy of itself and hide it in the AppData directory before writing a Base64-encoded PE file in memory to execute the main functionality of the Trojan.
InnfiRAT will first look for indicators of a sandbox environment, a common setup used by cybersecurity researchers when reverse-engineering malware samples. If found, the malware will terminate; if not, then the payload continues to execute.
System data, including the country of the machine, processor type, PC vendor, name, and cache size, is scraped. InnfiRAT will then contact its command-and-control (C2) server, transfer the stolen machine information, and await further instructions.
Among these instructions is the command to obtain a list of all running processes in an infected system, including those with the strings "chrome," "browser," "firefox," and "opera." The malware will terminate any that match.
InnfiRAT can deploy additional malicious payloads, steal files, and grab browser cookies to harvest stored username and password credentials for online services. In addition, the Trojan can screenshot open sessions and shut down traditional antivirus processes.
In the quest for cryptocurrency, InnfiRAT will scan for information relating to cryptocurrency including Bitcoin (BTC) and Litecoin (LTC) wallets by checking for %AppData%\Litecoin\wallet.dat and %AppData%\Bitcoin\wallet.dat. If they are present, the malware will siphon existing data that can be used to compromise these wallets and potentially steal virtual funds.
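For defenders, the wallet-file check described above is a usable detection point. The following is an added example, not code from the article or from Zscaler: it assumes file-access auditing is enabled on the wallet files and that events carry the ObjectName and ProcessName fields found in Windows Security event 4663; the allowlist of wallet binaries and the sample events are constructed assumptions.

```python
import re
from ntpath import basename  # Windows path handling on any OS

# Wallet files the article says InnfiRAT checks; %AppData% expands to
# C:\Users\<user>\AppData\Roaming.
WALLET_RE = re.compile(
    r"\\AppData\\Roaming\\(Bitcoin|Litecoin)\\wallet\.dat$", re.IGNORECASE)

# Assumption: the only binaries expected to open each wallet on this host.
EXPECTED = {"bitcoin": {"bitcoin-qt.exe", "bitcoind.exe"},
            "litecoin": {"litecoin-qt.exe", "litecoind.exe"}}

def flag_wallet_access(events):
    """Return (severity, event) for wallet.dat access by unexpected processes."""
    findings = []
    for ev in events:
        m = WALLET_RE.search(ev["ObjectName"])
        if not m:
            continue
        image = ev["ProcessName"]
        if basename(image).lower() in EXPECTED[m.group(1).lower()]:
            continue
        # The article notes the Trojan runs from a copy hidden in AppData.
        severity = "high" if "\\appdata\\" in image.lower() else "medium"
        findings.append((severity, ev))
    return findings

# Constructed sample events (not from the article or any real host).
SAMPLE_EVENTS = [
    {"ObjectName": r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat",
     "ProcessName": r"C:\Program Files\Bitcoin\bitcoin-qt.exe"},
    {"ObjectName": r"C:\Users\alice\AppData\Roaming\Litecoin\wallet.dat",
     "ProcessName": r"C:\Users\alice\AppData\Roaming\example_updater.exe"},
    {"ObjectName": r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat",
     "ProcessName": r"C:\Tools\backup.exe"},
    {"ObjectName": r"C:\Users\alice\Documents\notes.txt",
     "ProcessName": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for severity, ev in flag_wallet_access(SAMPLE_EVENTS):
        print(severity, basename(ev["ProcessName"]), "->", ev["ObjectName"])
```

A file name alone can be spoofed by renaming a binary, so a production rule would match the allowlist on full image path or signer rather than on the base name.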
Cryptocurrency remains a lucrative channel for cybercriminals to generate illicit profit and InnfiRAT is only one of many forms of malware that now include cryptocurrency-related theft or exploit modules.
PsiXBot has recently been upgraded to include Google's DNS over HTTPS service, and once on a target machine, will monitor the clipboard for wallet credentials used to store Bitcoin, Ethereum, Monero, and Ripple.
Another interesting form of cryptojacking malware, dubbed Bird Miner, emulates Linux on Mac machines while running XMRig. The malware harnesses the CPU power of victims to covertly mine Monero (XMR) and sends the proceeds to wallets controlled by its operators.
Read more:
InnfiRAT malware lurks in your machine to steal cryptocurrency wallet data - ZDNet