InnfiRAT malware lurks in your machine to steal cryptocurrency wallet data

John Parker - September 14, 2019

Researchers have discovered a new trojan that specialises in stealing cryptocurrency-related data.

The malware, dubbed InnfiRAT, includes several standard trojan capabilities, but it is built in particular to lurk on infected machines and steal cryptocurrency wallet credentials.

According to a blog post published on Thursday by the cyber-security firm Zscaler, InnfiRAT is written in .NET and is most likely spread via drive-by downloads or phishing emails carrying malicious attachments.

The malware copies itself onto the compromised system, hiding the copy in the machine's AppData directory. It then writes a Base64-encoded portable executable (PE) file into memory to launch the trojan's main functionality.

InnfiRAT first looks for signs of a sandbox environment, the standard setup researchers use when reverse-engineering malware samples. If it detects one, the malware terminates itself; otherwise it continues to execute the payload.

It then scrapes system data, including the processor type, PC vendor, cache size, and the name and origin of the system.

InnfiRAT then connects to its command-and-control (C2) server, transmits the stolen information and waits for further instructions.

Separately, PsiXBot has recently been upgraded to use Google's DNS-over-HTTPS (DoH) service. Once it lands on a target system, PsiXBot scans the clipboard for wallet credentials used to store Ripple, Ethereum, Monero and Bitcoin.
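Clipboard-scanning modules recognise wallet addresses by their shape. The script below, added here as an illustration and not code from the PsiXBot or InnfiRAT analyses, re-implements that matching defensively: it classifies tokens in text by the address formats of the four coins named above and, for Bitcoin legacy addresses, verifies the Base58Check checksum so that typos or mutated addresses are not reported. The Ethereum, Monero and Ripple tokens used in the sample are constructed shapes (Ripple uses its own permuted Base58 alphabet, so only its shape is checked here); the one real address is the well-known Bitcoin genesis-block address.

```python
import hashlib
import re

B58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Address shapes per coin family (charset and length). Only Bitcoin legacy
# addresses get a checksum check below; the other families are matched on shape.
PATTERNS = [
    ("bitcoin-legacy", re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")),
    ("bitcoin-bech32", re.compile(r"^bc1[ac-hj-np-z02-9]{39,59}$")),
    ("ethereum", re.compile(r"^0x[0-9a-fA-F]{40}$")),
    ("monero", re.compile(r"^[48][1-9A-HJ-NP-Za-km-z]{94}$")),
    ("ripple", re.compile(r"^r[1-9A-HJ-NP-Za-km-z]{24,34}$")),
]


def b58decode(s: str) -> bytes:
    """Decode a Base58 string (Bitcoin alphabet), preserving leading zero bytes."""
    n = 0
    for ch in s.encode("ascii"):
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("not a Base58 string")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_ones = len(s) - len(s.lstrip("1"))  # each leading '1' encodes a 0x00 byte
    return b"\x00" * leading_ones + body


def base58check_ok(address: str) -> bool:
    """Verify the 4-byte double-SHA256 checksum carried by Bitcoin legacy addresses."""
    try:
        raw = b58decode(address)
    except ValueError:
        return False
    if len(raw) != 25:  # 1 version byte + 20-byte hash160 + 4-byte checksum
        return False
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def classify_clipboard(text: str) -> list:
    """Return (coin, address) for each whitespace-delimited token that looks like a wallet address."""
    hits = []
    for token in text.split():
        for coin, pattern in PATTERNS:
            if not pattern.match(token):
                continue
            if coin == "bitcoin-legacy" and not base58check_ok(token):
                continue  # right shape, bad checksum: a typo or mutation, not a wallet
            hits.append((coin, token))
            break
    return hits


if __name__ == "__main__":
    # Constructed clipboard contents: the real genesis-block Bitcoin address, the same
    # address with its last character altered, and synthetic Ethereum/Monero tokens.
    sample = (
        "pay 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa or 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb "
        "eth 0xabababababababababababababababababababab "
        "xmr 4" + "A" * 94
    )
    for coin, addr in classify_clipboard(sample):
        print(coin, addr)
```

The same matching, fed from a clipboard monitor, is what a clipper uses to decide when to swap in the attacker's address; on the defensive side it is useful for generating test data and for checking whether a pasted address survived the clipboard unchanged.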

