New Bitcoin Wallet-Focused Trojan Uncovered by Security Researchers

Published at: Sept. 19, 2019

A new Remote Access Trojan (RAT) malware that steals Bitcoin (BTC) wallet data has been discovered by security researchers, according to a Sept. 12 report from Zscaler ThreatLabZ.  

The RAT, dubbed InnfiRAT, is designed to perform a wide range of tasks on the infected machines, including specifically seeking out Bitcoin and Litecoin (LTC) wallet data.

A multi-pronged attack on infected systems

As the researchers note, InnfiRAT is written in .NET, a software framework developed by Microsoft and used to develop a wide range of applications. 

The malware is designed to access and steal personal data stored on victims’ computers, grabbing browser cookies to steal stored usernames and passwords, as well as session data. It can also take screenshots to steal information from open windows and scour the system for other running applications to target.

Once collected, the data is sent to a command-and-control (C&C) server, and the malware requests further instructions, which can include downloading additional payloads onto the infected system.

Zscaler ThreatLabZ details how the RAT is designed to retrieve Bitcoin wallet data as follows:

“The malware creates an empty list of the BitcoinWallet type where BitcoinWallet has two keys, namely:

‘WalletArray’

‘WalletName’

A check is performed to see if a file for a Litecoin or Bitcoin wallet is present in the system at the following location:

Litecoin: %AppData%\Litecoin\wallet.dat

Bitcoin: %AppData%\Bitcoin\wallet.dat

If it is found, then the element of type BitcoinWallet is added to the list after assigning a name to the WalletName key and reading the corresponding wallet file in the WalletArray key.

Finally, the created list is sent in response to the C&C server.”
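For defenders, the two wallet paths quoted above are a usable detection anchor. The following is an added example, not code from Zscaler or from the malware: it scans file-access audit records for reads of those wallet files by processes other than the wallet clients. It assumes Windows Security event 4663 records (object-access auditing enabled on the wallet files) already parsed into dictionaries; the sample events and the process allowlist are constructed for illustration.

```python
import ntpath
import re

# Wallet locations named in the report, resolved under a user's roaming %AppData%.
WALLET_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\Roaming\\(Bitcoin|Litecoin)\\wallet\.dat$",
    re.IGNORECASE)

# Assumption: process image names expected to open each wallet; tune per environment.
# Name-only matching is a starting point; pair it with path or signer checks.
EXPECTED = {
    "bitcoin": {"bitcoin-qt.exe", "bitcoind.exe"},
    "litecoin": {"litecoin-qt.exe", "litecoind.exe"},
}

def suspicious_wallet_reads(events):
    """Return alerts for wallet.dat accesses by processes outside the allowlist."""
    alerts = []
    for ev in events:
        m = WALLET_RE.search(ev.get("ObjectName", ""))
        if not m:
            continue  # not one of the two wallet files
        coin = m.group(1).lower()
        image = ntpath.basename(ev.get("ProcessName", "")).lower()
        if image not in EXPECTED[coin]:
            alerts.append({"host": ev.get("Computer"), "wallet": coin,
                           "process": ev.get("ProcessName")})
    return alerts

# Constructed sample events (not from the report), shaped like 4663 records.
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "ProcessName": r"C:\Program Files\Bitcoin\bitcoin-qt.exe",
     "ObjectName": r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"},
    {"Computer": "WS-02", "ProcessName": r"C:\Users\bob\AppData\Local\Temp\updater.exe",
     "ObjectName": r"C:\Users\bob\AppData\Roaming\Litecoin\wallet.dat"},
    {"Computer": "WS-02", "ProcessName": r"C:\Users\bob\AppData\Local\Temp\updater.exe",
     "ObjectName": r"C:\Users\bob\Documents\notes.txt"},
    {"Computer": "WS-03", "ProcessName": r"C:\Tools\litecoin-qt.exe",
     "ObjectName": r"C:\Users\carol\AppData\Roaming\Bitcoin\wallet.dat"},
]

if __name__ == "__main__":
    for alert in suspicious_wallet_reads(SAMPLE_EVENTS):
        print(alert)
```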

Caution against untrusted sources

In conclusion, the security researchers warn of the prevalence of RATs such as InnfiRAT, which can be designed not only to access and steal confidential data but also to log keystrokes, activate a system's webcam, format drives and spread to other systems on a given network.

They note that systems are usually infected with a RAT through downloaded infected applications or email attachments, and they warn users not to download programs or open attachments from unknown sources.

As reported this summer, Zscaler ThreatLabZ had previously published its discovery of another RAT called Saefko, also written in .NET and designed to retrieve browser history and look for activities including cryptocurrency transactions.
