Zscaler’s ThreatLabZ recently discovered a new Remote Access Trojan (RAT) called “InnfiRAT”. After reverse engineering the malware, security researchers determined that the RAT targets sensitive data in general and seeks out Bitcoin and Litecoin wallets and credentials in particular. The RAT also steals usernames and passwords from browsers. Because this is a RAT, keylogging, screenshotting, drive formatting, file exploration, and many other actions are possible on victim machines.
ThreatLabZ said in a statement:
“As with just about every piece of malware, InnfiRAT is designed to access and steal personal information on a user’s computer. Among other things, InnfiRAT is written to look for cryptocurrency wallet information, such as Bitcoin and Litecoin. InnfiRAT also grabs browser cookies to steal stored usernames and passwords, as well as session data. In addition, this RAT has Screenshot functionality so it can grab information from open windows. For example, if the user is reading an email, the malware takes a screenshot. It also checks for other applications running on the system, such as an active antivirus program.”
InnfiRAT is likely to reach victims as a malicious email attachment. As always, don’t open messages or save attachments from unknown or untrusted sources.