The latest threat to plague the digital sphere is none other than the InnfiRAT malware. It is one part bot, one part Trojan, and exhibits some behavior akin to ransomware. More importantly, it preys upon the Bitcoin whale and its large holdings of cryptocurrency.
If you are a crypto whale, you are probably aware that Bitcoin (BTC), the preeminent cryptocurrency, is now trading at over $10,000. What you may not know yet is that your funds could disappear into thin air, thanks to malware that has begun hitting many crypto investors. Meet InnfiRAT, the latest remote access Trojan (RAT) unleashed on vulnerable "virtual currency holders" to empty their wallets in the shortest possible time.
While details of the masterminds behind this malicious program remain sketchy at the time of this writing, their motives are glaringly obvious. InnfiRAT is on a theft spree, stealing confidential information about the users it targets and sending it back to the masked cyber criminals.
How Does InnfiRAT Work?
According to a team of researchers at cybersecurity firm Zscaler, the hackers behind InnfiRAT specifically target competitive, high-stakes crypto investors. Once the malware has made contact with such a target, it begins scouring the user's cookies and browsing history in search of login credentials and other sensitive information. The researchers pointed out that, more than any other cryptocurrency, it prefers Bitcoin and Litecoin (LTC), the market's leading digital coins. They likened its behavior to that of a Trojan horse to describe it more clearly.
Properties of a Trojan Horse Virus
For those who may not be aware, the Trojan horse is one of the oldest classes of computer virus known in cybersecurity. Named after the wooden horse from the Ancient Greek siege of Troy, a Trojan horse in the world of computing appears harmless at first contact. Over time, it begins to act, sending sensitive information from the host computer to the program's developer. A Trojan horse can also make a number of unauthorized configuration changes to the computer and, in some cases, even control it from a remote location.
Other effects of a Trojan horse infection are automatic reboots and poor (slow) performance. If nothing is done about it, it continues to propagate, infecting every useful file on your computer, which eventually leads to a crash. These properties, together with the InnfiRAT malware's bot-like capability of crawling web addresses (and hence squandering resources), make it especially devastating.
More InnfiRAT Details
With its code written on the .NET framework, InnfiRAT is used by its developers against crypto asset investors who are considered rich and vulnerable. It always looks out for antivirus software and pays particular attention to virtual machine environments. When it strikes, it sends its details to a C&C (command and control) server and makes constant requests for information from the host. In turn, this process ensures that the developer is armed with all the information needed to effortlessly wreak more havoc. The researchers noted that on a number of occasions the InnfiRAT malware will instruct the C&C server to deploy more remote access Trojans into the system's files.
With threats riddled throughout the computer's filesystem, InnfiRAT goes feasting on the user's cryptocurrency data at will. At this point it has reached its "high-risk" destruction level and could potentially stop the user from accessing their own computer. This lockout is implemented via a secure encryption algorithm that is often very difficult to reverse. Keep in mind, however, that at this juncture the InnfiRAT malware isn't just on a rampage; its activities are being closely directed by the masked developer(s).
There is no limit to the information that could be stolen. The InnfiRAT malware can make away with the user's IP address, district, city, country and any other confidential data pertinent to achieving the cyber criminal's mission. Zscaler researchers have confirmed this in several cases in which the malware was caught attacking a user's web browser, including Google Chrome, Mozilla Firefox, and Opera.
What Does an InnfiRAT Infection Lead To?
A system that has been fully hijacked by the InnfiRAT malware is one that forfeits all information about the crypto-related assets it holds. As it makes off with a user's digital currency, it leaves behind a filesystem that has been compromised to a considerable extent. This enables the InnfiRAT malware to keep expanding, coming back for more and intermittently striking the server of the unsuspecting crypto whale.
Any cryptocurrency ecosystem is especially vulnerable to one or more of the following disadvantages of InnfiRAT infection:
Pilfering login keystrokes and data
(Re)formatting hard drives
Rearranging physical and virtual drives
Spying on the user through webcams
Put simply, when the InnfiRAT takes over a crypto user’s system, it carries out the commands issued by its sender. A range of damage can be inflicted upon the machine, but the most critical goal of the sender is to ensure that all digital coins are compromised.
Like any harmful program that makes its way into a computer or network, it becomes nearly impossible to stop. This is partly because malware doesn't always rear its ugly face the moment it intrudes. The process is more like a slow injection of venom into your computer, which propels the InnfiRAT malware, in particular, to the top of a growing list of threats that have attacked crypto users in recent times. It is as versatile as it is vicious, enabling its sender to bounce from one computer network to another in an endless search for vulnerable crypto investors to prey on.
Basic Workings of a Cryptocurrency Wallet
If you are not familiar with how digital coins are stored, it is not much different from the wallet that fits into your pocket, in which you keep your credit cards and hard-earned paper money. But cryptocurrency is a virtual asset, which means that crypto investors need computer hardware for storing digital coins like Bitcoin, Ethereum (ETH), and other altcoins. In many cases, a desktop or laptop computer can serve as a cryptocurrency wallet.
Serious crypto traders prefer to keep their digital currencies in what is known as a hot wallet, that is, an Internet-connected storage location. Conversely, users can also store their digital coins in cold wallets, which are often Internet-capable machines kept disconnected from both large and small networks.
While cold wallets are obviously a much safer choice, many users prefer to keep their tokens in hot wallets for convenience and on-the-move access. Be it a wallet service provided by a third party or a personal device, a user must have direct access in order to spend, trade or invest their cryptocurrency. If one's Bitcoins are resting in cold storage, they cannot be readily accessed. But with hot storage, one can effortlessly use two-factor authentication to access funds from any smart device and begin trading immediately.
Two-factor authentication is a relatively recent security measure that grants access to a resource only after a user's identity has been verified by two separate prompts. Although this adds a layer of security for cryptocurrency investors, any asset stored in a hot location is potentially vulnerable to InnfiRAT and other forms of Bitcoin theft.
Summary of Zscaler’s Official Statement
In Zscaler's official statement, the InnfiRAT malware is noted for being written specifically to pilfer crypto assets, chiefly Bitcoin and Litecoin. It is released onto computer networks and servers upon identifying a vulnerable target, and begins crawling browser cookies for usernames, passwords and session data. The statement also pointed out that the InnfiRAT malware is capable of capturing screenshots of information displayed in open windows, ensuring that its sender has all the details necessary to pinpoint crypto assets.
It was also suggested that the malware can steal other financial and bank account details. After all, if a crypto investor is large enough to be considered a whale, it is logical to conclude that they also hold large sums of fiat currency. But despite its versatility, fighting the InnfiRAT malware comprises the usual malware quarantine and precautionary measures you have read about before. Cryptocurrency users should use a credible antivirus (AV) application, refrain from opening email correspondence from untrusted sources, and NOT download attachments that appear questionable. Zscaler, in the interim, promises to continue monitoring the threat posed by the InnfiRAT malware in the coming days.
Crypto Attacks Similar to InnfiRAT
It wasn't that long ago that cybersecurity experts discovered a similar crypto-stealing virus known as Glupteba, which perches on the Bitcoin blockchain to remain relatively harmful. Not only that, but we have regularly reported on Malware.xyz about the different types of ransomware that invade a computer system, as well as the crypto-focused threats that can mine a wide spectrum of digital coins, including Monero.
Like InnfiRAT, Glupteba also steals usernames, passwords and other browser data. But it differs in that it doesn't rely on Trojan-like social engineering, which prompts users to download a file before the harvesting of their sensitive information can begin. Glupteba has an entirely different modus operandi. When it strikes a target machine, it does so in the form of a malvertising attack which forces the system to download its dropper.
Protecting your Crypto Wallet from Theft
With rising cyber attacks in the cryptocurrency industry, you must take urgent steps to safeguard your assets. The following is a list of time-tested measures you can implement to keep your digital investments safe.
Be cautious of online services. Mind the websites you visit to avoid exposing your assets to cyber attacks. InnfiRAT and Glupteba aren't the only vicious malware tools out there. Cyber criminals create lots of these programs in the hope of stealing from unsuspecting crypto whales. One age-old strategy is to bait users through spam emails. When they send these messages and you open them (or the files attached to them), crypto-stealing software is unleashed onto your computer.
Back up and encrypt your wallet. Yes, people make mistakes. That is why backing up your wallet is so vital to recovery should you misplace your device. You can go a step further by encrypting it, too, which provides an additional layer of security. Encrypting your wallet and its backup ensures that cyber criminals won't readily be able to make sense of your login info should they gain access to it.
Two-factor authentication (2FA). Having emerged in recent history, this strategy, also known as multi-factor authentication (MFA), requires that you use more than your login details to access your funds. The series of steps taken in MFA ensures that unauthorized access to your funds remains an uphill task, and often involves issuing a one-time password (OTP) to a mobile device. Keep in mind that the number of the mobile device must be linked to that crypto account.
Keep your coins in cold wallets. To date, the most effective method of securing your cryptocurrency is keeping it on an offline device, even though moving your coins back and forth (in order to use them) can be a hassle. However, when you consider the heartbreak associated with cyber attacks that lead to coin theft, cold wallets may very well be the best solution. Besides using your own computer, there are plenty of them on the market. Examples include Ledger Nano, Trezor, KeepKey, and a host of others that allow you to send online only the amounts you wish to use at a time.
Multi-signature sign-in. Generally, this method requires that you use three keys to secure your account. In other words, before you can access your account, you will need to provide any two of the three keys that were used to lock it. The same applies to a hacker who wishes to access your account.
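To make the 2-of-3 rule concrete, here is an added example (not code from the article or from any wallet vendor) of a threshold authorization check: a spend is approved only when at least two of the three policy keys have validly signed that exact transaction, so a single key stolen by malware is not enough. It assumes HMAC-SHA256 as a stand-in for the ECDSA signatures a real multisig wallet would use, and the transaction bytes are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

# Assumption: HMAC-SHA256 stands in for per-key ECDSA signatures so the
# example runs with the standard library only. The policy logic is the
# same: m distinct keys out of n must approve the identical transaction.


def generate_keys(n: int) -> Dict[str, bytes]:
    """Create n independently held co-signer keys, labelled key1..keyn."""
    return {f"key{i + 1}": secrets.token_bytes(32) for i in range(n)}


def sign(key: bytes, tx: bytes) -> bytes:
    """A co-signer approves a transaction by signing its exact bytes."""
    return hmac.new(key, tx, hashlib.sha256).digest()


def verify(key: bytes, tx: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, tx), sig)


def authorize(policy_keys: Dict[str, bytes], threshold: int,
              tx: bytes, sigs: List[Tuple[str, bytes]]) -> bool:
    """True only if at least `threshold` DISTINCT policy keys produced a
    valid signature over this transaction. A signature from a key outside
    the policy, or the same key signing twice, does not count."""
    approved = set()
    for key_id, sig in sigs:
        key = policy_keys.get(key_id)
        if key is not None and verify(key, tx, sig):
            approved.add(key_id)       # set collapses duplicate signers
    return len(approved) >= threshold


def demo() -> Dict[str, bool]:
    keys = generate_keys(3)                      # 2-of-3 wallet policy
    tx = b"constructed tx: pay 0.5 BTC to the cold wallet"
    s1, s2 = sign(keys["key1"], tx), sign(keys["key2"], tx)
    return {
        "two_distinct_keys": authorize(keys, 2, tx, [("key1", s1), ("key2", s2)]),
        "single_stolen_key": authorize(keys, 2, tx, [("key1", s1)]),
        "same_key_twice": authorize(keys, 2, tx, [("key1", s1), ("key1", s1)]),
        "mislabelled_sig": authorize(keys, 2, tx, [("key1", s1), ("key2", s1)]),
        "altered_tx": authorize(keys, 2, tx + b" x100", [("key1", s1), ("key2", s2)]),
    }
```

Only the first case is approved; an attacker who has exfiltrated one key from an infected machine still cannot spend, and signatures do not transfer to an altered transaction.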
Check out Bitcoin Hack: Protecting Your Cryptocurrency Wallet from Hackers and Malware for more information about protecting your cryptocurrency wallet.
Zscaler has done a great job of keeping our data-driven society virus-free. But as a cryptocurrency holder, it is up to you to take prompt steps to protect your account from prying eyes and eavesdroppers. US-based cybersecurity firm CipherTrace disclosed that over $1.7 billion worth of digital coins were stolen from exchanges, trading platforms and scams in 2018. The wave of crypto theft is alarming, so you must take the precautionary measures identified above to protect yourself from InnfiRAT and other crypto-stealing malware.