The crypto world faces another security threat, a Trojan that focuses only on the theft of cryptocurrency-related data.
A remote access Trojan (RAT) dubbed InnfiRAT, written in .NET, is said to be capable of stealing sensitive data by way of phishing emails that contain malicious attachments.
After landing on a vulnerable machine, the Trojan makes copies of itself and hides them in the AppData directory, then writes a Base64-encoded PE file into memory in order to become fully functional.
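A defender-side check for the Base64-encoded PE staging described above, as an added example that is not from the original article or from Zscaler's analysis: it scans a file or memory dump for Base64 runs that decode to a PE image. The function names and the sample input are constructed for illustration.

```python
import base64
import re
import struct

# Base64 of any buffer starting with b"MZ" begins "TV" plus one of o, p, q, r.
# Require 88+ characters so the 64-byte DOS header is fully present.
B64_MZ = re.compile(rb"TV[o-r][A-Za-z0-9+/]{85,}")


def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_base64_pe(blob: bytes) -> list:
    """Return (offset, decoded_length) for each Base64 run that decodes to a PE image."""
    hits = []
    for match in B64_MZ.finditer(blob):
        run = match.group(0)
        run = run[: len(run) // 4 * 4]  # whole 4-char groups only; header check needs no tail
        decoded = base64.b64decode(run)
        if looks_like_pe(decoded):
            hits.append((match.start(), len(decoded)))
    return hits


def constructed_sample() -> bytes:
    """Constructed test input: a 128-byte stub with valid MZ/PE markers, embedded as Base64."""
    stub = bytearray(128)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\x00\x00"
    decoy = base64.b64encode(b"MZ" + b"A" * 126)  # starts with MZ but has no PE signature
    return b'cfg = "' + decoy + b'"; payload = "' + base64.b64encode(stub) + b'";'


if __name__ == "__main__":
    for offset, size in find_base64_pe(constructed_sample()):
        print(f"Base64-encoded PE at offset {offset}, about {size} bytes decoded")
```

Checking the `e_lfanew` pointer as well as the `MZ` prefix keeps ordinary Base64 text that happens to begin with `TV` from being reported.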
The malware has several anti-analysis measures: if it recognizes that it is running in a sandbox, it terminates itself, or else it collects data about the compromised machine. InnfiRAT also terminates itself once it discovers that it is running alongside process-monitoring tools such as Process Hacker and Process Monitor.
InnfiRAT can process a number of commands, but the infiltrators have instead directed it to focus only on crypto wallets and cookie information from web browsers.
"InnfiRAT also grabs browser cookies to steal stored usernames and passwords, as well as session data. In addition, this RAT has Screenshot functionality so it can grab information from open windows," said Zscaler ThreatLabZ, which recently came across this new RAT.