There is a new type of specific malware in the web environment today which basically “specializes” in theft of cryptocurrency. Yes, you read that right. The malware comes packed with Trojan capabilities as one of the article mentioned and will infect itself once it has identified sources of cryptocurrency wallet data. So you may wonder how does it spread? Phishing! It is developed on .net and gets sent out via phishing emails with attachments or even drive by downloads. As soon as the malware has made it entrance onto your machine, “it will make a copy of itself and hide it in the AppData directory before writing a Base64 encoded PE file in memory to execute the main functionality of the Trojan. In the quest for cryptocurrency, InnfiRAT will scan for information relating to cryptocurrency including Bitcoin (BTC) and Litecoin (LTC) wallets by checking for %AppData%\Litecoin\wallet.dat and %AppData%\Bitcoin\wallet.dat. If they are present, the malware will siphon existing data that can be used to compromise these wallets and potentially steal virtual funds.” Check out the link to find out more about it. Looks pretty interesting and scary! (source link: https://www.zdnet.com/article/innfirat-malware-lurks-in-your-machine-to-steal-cryptocurrency-wallet-data/)
Leave a Reply
You must be logged in to post a comment.