InnfiRAT – A New RAT That Hunts for Cryptocurrency Info, Browser Cookie Data
A RAT (remote-access trojan) is a type of malware that includes a backdoor, giving intruders the ability to control the targeted computer remotely and to perform any number of tasks, such as logging keystrokes, accessing confidential information, activating the system’s webcam, taking screenshots, formatting drives, and more. RATs can also be designed to spread to other systems on a network.
As with just about every piece of malware, InnfiRAT is designed to access and steal personal information on a user’s computer. Among other things, InnfiRAT is written to look for cryptocurrency wallet information for currencies such as Bitcoin and Litecoin. InnfiRAT also grabs browser cookies to steal stored usernames and passwords, as well as session data.
In addition, this RAT has screenshot functionality so it can grab information from open windows. For example, if the user is reading email, the malware takes a screenshot. It also checks for other applications running on the system, such as an active antivirus program.
InnfiRAT sends the data it has collected to its command-and-control (C&C) server and requests further instructions. The C&C can also instruct the malware to download additional payloads onto the infected system.
Written in .NET, the RAT takes secret screenshots to capture any sensitive information that may be displayed on a user’s screen at a given time.
To avoid detection, InnfiRAT looks out for virtual machine environments and can also check for antivirus programs.
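The wallet and cookie collection described above can be hunted for in file-access telemetry. The following is an added example, not code from the article or from any vendor report: it flags processes other than the wallet or browser itself that open those stores. The paths are the default Windows locations for Bitcoin Core, Litecoin Core, Chrome and Firefox (assumed here, not InnfiRAT indicators), and the allow-list, event format and sample events are constructed for illustration.

```python
import re

# Default Windows locations of the stores the article names (assumed defaults
# for Bitcoin Core, Litecoin Core, Chrome, Firefox; not InnfiRAT indicators).
SENSITIVE = {
    "wallet": re.compile(r"\\appdata\\roaming\\(bitcoin|litecoin)\\wallet\.dat$", re.I),
    "cookies": re.compile(
        r"\\google\\chrome\\user data\\[^\\]+\\(network\\)?cookies$"
        r"|\\mozilla\\firefox\\profiles\\[^\\]+\\cookies\.sqlite$", re.I),
}
# Processes expected to open each store (assumed allow-list; tune per site).
EXPECTED = {
    "wallet": {"bitcoin-qt.exe", "bitcoind.exe", "litecoin-qt.exe", "litecoind.exe"},
    "cookies": {"chrome.exe", "firefox.exe"},
}

def classify(path):
    """Return 'wallet', 'cookies' or None for an accessed file path."""
    for kind, pattern in SENSITIVE.items():
        if pattern.search(path):
            return kind
    return None

def find_suspects(events):
    """events: iterable of (process_image, accessed_path) tuples.
    Returns {image: sorted store kinds} for unexpected readers of a store."""
    hits = {}
    for image, path in events:
        kind = classify(path)
        exe = image.rsplit("\\", 1)[-1].lower()
        if kind and exe not in EXPECTED[kind]:
            hits.setdefault(image, set()).add(kind)
    return {image: sorted(kinds) for image, kinds in hits.items()}

def high_confidence(suspects):
    """One process touching both wallets and cookies matches the behaviour above."""
    return [image for image, kinds in suspects.items() if len(kinds) > 1]

# Constructed sample events (hypothetical process names and user profile).
SAMPLE_EVENTS = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    (r"C:\Program Files\Bitcoin\bitcoin-qt.exe", r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"),
    (r"C:\Users\alice\AppData\Local\Temp\updater.exe", r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"),
    (r"C:\Users\alice\AppData\Local\Temp\updater.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
    (r"C:\Users\alice\AppData\Local\Temp\updater.exe", r"C:\Users\alice\AppData\Roaming\Litecoin\wallet.dat"),
    (r"C:\Tools\backup.exe", r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd34.default\cookies.sqlite"),
    (r"C:\Windows\System32\notepad.exe", r"C:\Users\alice\Documents\notes.txt"),
]
```

A process that reads only one kind of store, such as a backup tool, still appears in `find_suspects` but not in `high_confidence`, which keeps the second list short enough to triage first.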