InnfiRAT: A New Threat Stealing Personal Data and Cryptocurrency
The number of dangerous cyber threats has grown with the emergence of a new RAT (Remote Access Trojan) called InnfiRAT. This malicious program is capable of stealing personal data as well as information from cryptocurrency wallets.
Researchers at Zscaler report that InnfiRAT is written in .NET. In addition to harvesting personal data, the trojan can also download additional malicious components onto the victim’s device.
How InnfiRAT Operates
When first launched, the malware checks if it is running from the %AppData% directory under the name NvidiaDriver.exe. It then sends a request to iplogger[.]com/1HEt47.
Next, the trojan examines all running processes to see if any are named NvidiaDriver.exe. If such a process is found, InnfiRAT terminates it. According to Zscaler’s report, the malware uses various methods to detect its environment and avoid detection.
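The launch behavior described above gives defenders two signals to correlate per host: a binary named NvidiaDriver.exe running from a user's %AppData% directory, and a request to the reported iplogger endpoint. The following is an added detection example, not code from Zscaler's report; the event field names, host names and sample events are constructed, and it assumes %AppData% expands to C:\Users\<user>\AppData\Roaming.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the article text above.
IMAGE_NAME = "nvidiadriver.exe"
BEACON_HOST = "iplogger.com"
BEACON_PATH = "/1HEt47"

# Assumption: %AppData% expands to C:\Users\<user>\AppData\Roaming.
APPDATA_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\", re.I)

# Constructed sample events; the field names are hypothetical, not a real EDR schema.
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "process", "image": r"C:\Users\alice\AppData\Roaming\NvidiaDriver.exe"},
    {"host": "ws-01", "type": "http", "url": "http://iplogger.com/1HEt47"},
    {"host": "ws-02", "type": "process", "image": r"C:\Program Files\NVIDIA Corporation\NvidiaDriver.exe"},
    {"host": "ws-03", "type": "http", "url": "https://IPLOGGER.com/1HEt47"},
    {"host": "ws-04", "type": "http", "url": "http://example.org/iplogger.com/1HEt47"},
]

def is_masquerading_image(image):
    """True when a binary named NvidiaDriver.exe runs from a user's %AppData%."""
    path = image.replace("/", "\\")
    name = path.rsplit("\\", 1)[-1].lower()
    return name == IMAGE_NAME and bool(APPDATA_RE.match(path))

def is_beacon_url(url):
    """True when the URL's host (not merely its text) is the reported endpoint."""
    parts = urlsplit(url)
    return (parts.hostname or "") == BEACON_HOST and parts.path == BEACON_PATH

def triage(events):
    """Return {host: severity}; both signals on one host outrank either alone."""
    seen = {}
    for ev in events:
        signals = seen.setdefault(ev["host"], set())
        if ev["type"] == "process" and is_masquerading_image(ev["image"]):
            signals.add("image")
        elif ev["type"] == "http" and is_beacon_url(ev["url"]):
            signals.add("beacon")
    return {h: ("high" if len(s) == 2 else "medium") for h, s in seen.items() if s}

if __name__ == "__main__":
    for host, severity in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, severity)
```

The same file name under Program Files is not flagged, and a URL that only contains the domain in its path is ignored because the check parses the host rather than searching the string.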
Capabilities and Threats
The command and control (C&C) server can send the trojan a variety of tasks, many of which are typical for backdoors. These include:
- Downloading and executing specific files
- Collecting data from the infected system
- Stealing browser cookies
- Extracting data from Bitcoin wallets
- Retrieving text files containing confidential information
- Taking screenshots
- Terminating specific processes
As InnfiRAT continues to spread, users are advised to stay vigilant, keep their software updated, and use reliable security solutions to protect their personal data and cryptocurrency assets.