
AcridRain

Posted: August 30, 2018

AcridRain is spyware that collects data from your Web browsers, cryptocurrency wallets and other accounts. Since this threat is sold to third parties, its infection strategies may vary, although the payload itself has limited configuration options. Users should protect themselves by keeping anti-malware products that delete AcridRain on detection and, if recovering from an attack, should change all possibly compromised passwords, as detailed in this article.

Toxic Weather is Incoming for Chrome and Firefox Fans

Two individuals are marketing a new malware type on the Dark Web after it was put together by a Russian programmer. The threat, AcridRain, runs predominantly on code copy-pasted from different projects on GitHub, which, as with Hidden Tear, shows the dangers of free and potentially threatening programming resources. For the moment, AcridRain is a security issue primarily for Chrome and Firefox users.

AcridRain includes separate, encapsulated attack features for collecting data from various sources. Malware experts outline the more important of these as follows:

  • AcridRain targets both Chrome and other, Chromium-derived Web browsers (such as Comodo Dragon, the Yandex browser and Nichrome), collecting their protected login credentials, debit or credit card information and cookies. Depending on the version of AcridRain, it may attack only the default browser profile ('Default'), or the default profile along with 'Profile 1' through 'Profile 3'.
  • Firefox also is at risk from a similar, data-gathering feature, although the Firefox version of the function does not include the credit card or cookie collection that the Chrome one does.
  • Besides Web-browsing attacks, AcridRain supports compromising the credentials of various cryptocurrency wallets, such as Bitcoin, Electrum, Ethereum, or (in the new version) Monero, Litecoin and Dogecoin.
  • AcridRain compromises Steam (an online gaming store) sessions by collecting both the SSFN authorization files (the 'sentry' files Steam uses to remember a device as already authorized) and the contents of the program's 'config' folder.
  • AcridRain also collects any recently-used FileZilla FTP client credentials, although, for some reason, not the saved (Site Manager) server entries.
  • The last attempt at collecting sensitive information does no more than collect any text files on the user's desktop, along with Telegram sessions, which it bundles into the same ZIP archive that it uses for transferring the rest of the collected information.
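For responders, the practical question after an AcridRain infection is which of the stores listed above actually existed on the machine, because that decides which accounts need rotating. The following Python triage script is an added example, not code from this page or from AcridRain; it walks a Windows user profile and reports which of these credential stores are present. The file locations (Chrome's 'Login Data', 'Web Data' and 'Cookies', Firefox's logins.json and key4.db, FileZilla's recentservers.xml, Telegram's tdata folder, the wallet.dat and keystore paths for each coin, Steam's ssfn* files and config folder) are the standard locations for those programs and are assumptions, not details taken from the page; the 'Default' plus 'Profile 1' to 'Profile 3' range follows what the article describes.

```python
"""Triage which credential stores an AcridRain-style stealer could have reached.

Added example (not the page's or the malware's code).  All paths below are the
usual locations for each program and are assumed, not taken from the write-up.
"""
import sys
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Chromium profile directories the article says are targeted, depending on version.
CHROMIUM_PROFILES = ["Default", "Profile 1", "Profile 2", "Profile 3"]
# Chromium-based browsers named in the article; 'User Data' dirs relative to the
# user profile root (assumed standard locations).
CHROMIUM_BROWSERS = {
    "Chrome": "AppData/Local/Google/Chrome/User Data",
    "Yandex Browser": "AppData/Local/Yandex/YandexBrowser/User Data",
    "Comodo Dragon": "AppData/Local/Comodo/Dragon/User Data",
    "Nichrome": "AppData/Local/Nichrome/User Data",
}
# Per-profile SQLite files and what they hold (logins, payment cards, cookies).
CHROMIUM_STORES = {"Login Data": "logins", "Web Data": "payment cards", "Cookies": "cookies"}

# Everything else, relative to the user profile root.  Patterns may use globs.
OTHER_STORES = {
    "Firefox logins": "AppData/Roaming/Mozilla/Firefox/Profiles/*/logins.json",
    "Firefox key database": "AppData/Roaming/Mozilla/Firefox/Profiles/*/key4.db",
    "Bitcoin wallet": "AppData/Roaming/Bitcoin/wallet.dat",
    "Electrum wallets": "AppData/Roaming/Electrum/wallets/*",
    "Ethereum keystore": "AppData/Roaming/Ethereum/keystore/*",
    "Monero wallets": "Documents/Monero/wallets/*",
    "Litecoin wallet": "AppData/Roaming/Litecoin/wallet.dat",
    "Dogecoin wallet": "AppData/Roaming/DogeCoin/wallet.dat",
    "FileZilla recent servers": "AppData/Roaming/FileZilla/recentservers.xml",
    "Telegram session": "AppData/Roaming/Telegram Desktop/tdata",
    "Desktop text files": "Desktop/*.txt",
}
# Relative to the Steam install directory (passed separately; it is not per-user).
STEAM_STORES = {"Steam sentry files": "ssfn*", "Steam config": "config"}


def _matches(base: Path, pattern: str) -> List[Path]:
    """Resolve a relative pattern under base; literal paths are checked directly."""
    if any(ch in pattern for ch in "*?["):
        return sorted(base.glob(pattern))
    p = base / pattern
    return [p] if p.exists() else []


def inventory(profile_root, steam_root: Optional[str] = None) -> Dict[str, List[str]]:
    """Return {store label: [paths found]} for every targeted store that exists."""
    root = Path(profile_root)
    found: Dict[str, List[str]] = {}

    def add(label: str, path: Path) -> None:
        try:
            shown = path.relative_to(root).as_posix()
        except ValueError:          # Steam lives outside the user profile
            shown = path.as_posix()
        found.setdefault(label, []).append(shown)

    for browser, base in CHROMIUM_BROWSERS.items():
        for prof in CHROMIUM_PROFILES:
            for store, what in CHROMIUM_STORES.items():
                p = root / base / prof / store
                if p.is_file():
                    add(f"{browser} {what} ({prof})", p)
    for label, pattern in OTHER_STORES.items():
        for p in _matches(root, pattern):
            add(label, p)
    if steam_root:
        for label, pattern in STEAM_STORES.items():
            for p in _matches(Path(steam_root), pattern):
                add(label, p)
    return found


def build_sample_profile(dest: Path) -> Path:
    """Create a constructed, fake user profile (plus a Steam dir) for offline runs."""
    chrome = dest / "AppData/Local/Google/Chrome/User Data"
    for prof, store in [("Default", "Login Data"), ("Profile 2", "Web Data"),
                        ("Profile 5", "Login Data")]:   # Profile 5 is out of range
        (chrome / prof).mkdir(parents=True, exist_ok=True)
        (chrome / prof / store).write_bytes(b"sqlite placeholder")
    ff = dest / "AppData/Roaming/Mozilla/Firefox/Profiles/ab12.default"
    ff.mkdir(parents=True)
    (ff / "logins.json").write_text("{}")
    fz = dest / "AppData/Roaming/FileZilla"
    fz.mkdir(parents=True)
    (fz / "recentservers.xml").write_text("<FileZilla3/>")
    (fz / "sitemanager.xml").write_text("<FileZilla3/>")   # not taken by the stealer
    (dest / "Desktop").mkdir()
    (dest / "Desktop/passwords.txt").write_text("hunter2")
    (dest / "Desktop/photo.jpg").write_bytes(b"\xff\xd8")
    (dest / "AppData/Roaming/Telegram Desktop/tdata").mkdir(parents=True)
    steam = dest / "Steam"
    (steam / "config").mkdir(parents=True)
    (steam / "ssfn1234567890").write_bytes(b"sentry")
    return steam


def main() -> None:
    if len(sys.argv) >= 2:
        profile, steam = sys.argv[1], (sys.argv[2] if len(sys.argv) > 2 else None)
    else:   # no arguments: demonstrate on the constructed sample tree
        profile = Path(tempfile.mkdtemp())
        steam = str(build_sample_profile(profile))
    for label, paths in inventory(profile, steam).items():
        print(f"{label}: {', '.join(paths)}")


if __name__ == "__main__":
    main()
```

Run it as `python triage.py C:\Users\alice "C:\Program Files (x86)\Steam"` on an image of the compromised profile; every label printed is a credential set to treat as stolen. Profile directories beyond 'Profile 3' and FileZilla's sitemanager.xml are deliberately left out of the report, matching the article's description of what the stealer does and does not take.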

Taking Out the Toxin When It's Raining Software

While AcridRain is in steady development and is acquiring new functionality at a moderate pace, its core attacks change little between campaigns from the victim's point of view. The foremost programmer for this project is apparently of Russian origin, judging by some of AcridRain's code comments, but AcridRain has no regional restrictions on where it attacks (such as terminating itself after detecting an IP address from an excluded country on the compromised PC). Infection methods may vary, and malware experts recommend installing all security patches, scrutinizing e-mail messages with care, and avoiding any suspicious download links.

The information that AcridRain compromises grants access to a range of different accounts. PC users with the affected browsers, or with any of the services listed previously, should change all passwords and other sensitive access information promptly after resolving the infection. Malware experts are pleased to note that this threat has limited defenses against threat-detecting software, meaning that almost all anti-malware applications should remove AcridRain by default.

AcridRain is a general-purpose data collector that grabs valuable credentials for some of the most popular programs and services today. With its code still under active development, all Windows users should be sure to defend themselves, and their accounts, by any means necessary.
