
InnfiRAT

Posted: September 17, 2019

InnfiRAT is spyware that collects credentials from your computer through multiple methods. Although it is capable of compromising logins for other accounts, its payload emphasizes cryptocurrency wallets. Users should maintain unique passwords for every account and keep Windows anti-malware tools in place so that InnfiRAT is removed proactively.

A Remote Access Trojan that Wants Your Crypto-Coins

Remote Access Trojans, or RATs, usually give attackers an easy-to-use administrative backdoor. Some of them, however, display narrower interests than others, and InnfiRAT is one example. This Windows, .NET Framework Trojan specializes in collecting information, mostly from the victim's cryptocurrency wallets.

InnfiRAT targets multiple types of wallets, including Bitcoin, Litecoin (a fork of Bitcoin), and others. After gaining the user's credentials and related wallet information, InnfiRAT passes them along to the attacker's Command & Control server. Malware researchers also have found other capabilities within the scope of InnfiRAT's payload, such as:

  • InnfiRAT can fetch cookie-based Web-browsing information, including session data, passwords, and usernames.
  • InnfiRAT can take screenshots, capturing visual information beyond browser cookies or wallet credentials.
  • InnfiRAT includes a handful of anti-analysis features and will terminate itself inside a sandbox or virtual environment, which keeps samples from receiving proper inspection by AV vendors.
  • InnfiRAT also can identify which programs are running on the Windows machine, particularly the anti-virus services of well-known brands. After identifying them, it can close those it considers a threat to the Trojan.
  • InnfiRAT uses the Windows command-line component (CMD) to schedule its own execution.

Catching a RAT that's after Your Wallet

Like Predator the Thief or ProtonBot's clipper module, InnfiRAT turns cryptocurrency into a resource for the Trojan's administrator. Such threat actors may use different methods of compromising PCs, including torrent-seeding for random victims, e-mail for compromising businesses, or port-scanning for vulnerable servers. Although InnfiRAT is a Windows threat, similar ones are circulating, in smaller numbers, for Linux and macOS systems.

Users should use a unique password for each login, which limits InnfiRAT's account-hijacking possibilities to the data stored locally on the infected machine. Symptoms of this RAT are not visually overt, and most users won't see warning messages or other indications that InnfiRAT is persistent on the system. Meanwhile, an attacker can use InnfiRAT's backdoor features for other activities besides hijacking wallets and the money in them.

Let up-to-date anti-malware solutions uninstall InnfiRAT as soon as they identify it, and avoid typical points of exposure, such as enabling active macros in e-mail-attached documents, to dodge infection attempts.

InnfiRAT takes a proactive approach to avoiding analysis: it can terminate itself, and it can identify and kill specific processes that would pose a risk to it. Users should maintain a similarly forward-looking posture and stand by security practices that avert, rather than undo, Trojan infections.
