There might be a filthy 'RAT' (remote access trojan) lurking inside your PC, but do not bother calling pest control. We are not talking about the actual rodent, but a trojan that security researchers are calling InnfiRAT. This nasty bit of code is written in .NET and is designed to access and steal personal data from infected PCs, and specifically cryptocurrency wallet information.
That includes Bitcoin and Litecoin, two of the more popular forms of cryptocurrency. According to security researchers at Zscaler, InnfiRAT also helps itself to browser cookies to steal stored usernames and passwords, along with session data. Those activities are concerning, but the malware is even more nefarious in its capabilities.
"In addition, this RAT has screenshot functionality so it can grab information from open windows. For example, if the user is reading email, the malware takes a screenshot. It also checks for other applications running on the system, such as an active antivirus program," Zscaler says.
The data it swipes is sent to a command and control (C&C) server, but that is not the end of the line. As part of the process, it requests further instructions. In some cases, the C&C server may instruct the RAT to download additional malware onto the infected PC, causing further headaches.
Zscaler breaks down the technical details of how InnfiRAT works in an extensive blog post (hit the link in the Via field below), but the gist of it is, this RAT (by its very nature) gives attackers remote access to infected PCs by way of a backdoor.
The list of unscrupulous activities enabled by this malware extends well beyond pick pocketing a user's cryptocurrency wallet—logging keystrokes, accessing personal information, spying on a user through their webcam, formatting drives, and the list goes on. It's all (un)fair game.
As is commonly the case with these sorts of things, the best line of defense is to practice smart computing habits. For the most part, RATs find their way onto PCs by hiding in email attachments and in infected applications.
"The first line of defense is often the users who must, as always, refrain from downloading programs or opening attachments that aren't from a trusted source," Zscaler says.
You should also make sure your antivirus software is up and running, and up to date.
Gloss