The rise of cryptocurrency markets has attracted a lot of attention from criminals of all sorts. In fact, cybercrime related to the theft of cryptocurrencies rose by 400% in 2018, according to a report from U.S.-based cybersecurity company CipherTrace.
Recently, Zscaler ThreatLabZ discovered a new piece of malware called InnfiRAT, and security specialists managed to reverse engineer it. It is a remote access Trojan that targets, among other things, data related to wallets that support Bitcoin and Litecoin. The sensitive information the malware tries to steal includes usernames and passwords from any internet browser available at the moment. Zscaler said the malware can also be used “to perform any number of tasks, such as logging keystrokes, accessing confidential information, activating the system’s webcam, taking screenshots, formatting drives, and more.”
In a statement, Zscaler ThreatLabZ said:
“As with just about every piece of malware, InnfiRAT is designed to access and steal personal information on a user’s computer. Among other things, InnfiRAT is written to look for cryptocurrency wallet information, such as Bitcoin and Litecoin. InnfiRAT also grabs browser cookies to steal stored usernames and passwords, as well as session data. In addition, this RAT has ScreenShot functionality so it can grab information from open windows. For example, if the user is reading an email, the malware takes a screenshot. It also checks for other applications running on the system, such as an active antivirus program.”
All of the usual precautions apply to InnfiRAT. Don’t open messages from untrusted or unknown senders, and never download anything that was sent as an attachment to an email from an unknown source.
As cybercriminals increasingly target cryptocurrency holders, the industry will have to find ways to educate and protect the community.