Skip to main content

Zscaler Reveals InnfiRAT Malware That Targets Crypto Wallets

(Image credit: MAHATHIR MOHD YASIN / Shutterstock)

Movies always make robberies seem like very hands-on jobs. The wannabe thieves have to assemble their crew, scope out their chosen target's security, and then perfectly execute their plans. (Bonus points if they do so after synchronizing their watches.) It turns out there's an easier way to steal people's money, though, with the Zscaler security company revealing on Thursday new InnfiRAT malware that steals information about cryptocurrency wallets.

A quick explanation for anyone who isn't familiar with the concept: people store their Bitcoin, Ethereum and other cryptocurrencies in digital wallets. Some of these wallets are "hot," which means they're connected to the internet, while their "cold" counterparts can only be accessed locally. The former is mostly used when someone is actively trading their coins; the latter is primarily used for long-term storage. But those are just generalizations.

Many people don't bother to store their cryptocurrency wallets on non-connected drives because it's not convenient. It can also be dangerous if someone forgets where the drive is, if the drive is destroyed or if they forget the password used to secure the drive. Fortunes can be lost if anything happens to this cold storage. Hot wallets are far more convenient, even if they're easier to compromise than their cooler, non-internet-connected counterparts.

Here's what Zscaler said about InnfiRAT's purpose:

"As with just about every piece of malware, InnfiRAT is designed to access and steal personal information on a user's computer. Among other things, InnfiRAT is written to look for cryptocurrency wallet information, such as Bitcoin and Litecoin. InnfiRAT also grabs browser cookies to steal stored usernames and passwords, as well as session data. In addition, this RAT has ScreenShot functionality so it can grab information from open windows. For example, if the user is reading email, the malware takes a screenshot. It also checks for other applications running on the system, such as an active antivirus program."

That means pilfering cryptocurrency wallets isn't the malware's only purpose. The additional information InnfiRAT gathers could be used to access someone's bank account, for example, or similar financial services. Zscaler said RATs like this could also be used "to perform any number of tasks, such as logging keystrokes, accessing confidential information, activating the system's webcam, taking screenshots, formatting drives, and more."

All of the usual precautions apply to InnfiRAT. Don't open messages from untrusted senders, and if you do, refrain from downloading anything they sent along with the message. Otherwise, Zscaler said that it "continues to monitor this threat" to make sure its users are protected.