Security researchers discover a new Trojan focused on Bitcoin purses

Security researchers have discovered a new Trojan malware for remote access (RAT) that steals data from Bitcoin wallets (BTC) according to a September 12 report by Zscaler ThreatLabZ.

The RAT, called InnfiRAT, is designed to perform a wide range of tasks on infected computers, including the specific search for Bitcoin and Litecoin (LTC) wallet data.

An attack on several fronts against infected systems

As the researchers point out, InnfiRAT is written in .NET, a software framework developed by Microsoft and used to develop a wide range of applications.

The malware is designed to access and steal personal data stored on victims’ computers, capturing browser cookies to steal stored usernames and passwords, as well as session data. You can also take screenshots to steal information from open windows and track the system to go to other running applications.

Once collected, the data is sent to a control and command server (C&C), where additional instructions are requested, which may include downloading additional payloads to the infected system.

Zscaler ThreatLabZ details how the RAT is designed to obtain Bitcoin wallet data:

“The malware creates an empty list of the BitcoinWallet type where BitcoinWallet has two keys, namely:

WalletArray ’


A check is made to see if there is a file for a Litecoin or Bitcoin wallet in the system at the following location:

Litecoin:% AppData% Litecoin \ wallet.dat

Bitcoin:% AppData% Bitcoin \ wallet.dat

If found, the BitcoinWallet type element is added to the list after assigning a name to the WalletName key and reading the corresponding wallet file in the WalletArray key.

Finally, the created list is sent in response to the C&C server. ”

Caution against unreliable sources

In conclusion, security researchers warn about the prevalence of RATs such as InnfiRAT, which can be designed not only to access and steal confidential data, but also to record keystrokes, activate a system’s webcam, format drives and propagate them to other systems in a given network.

They point out that systems are usually infected by a RAT when downloading infected applications or email attachments, warning users not to download programs or open attachments from unknown sources.

As reported this summer, Zscaler ThreatLabZ had previously published its discovery of another RAT called Saefko, also written in .NET and designed to obtain browser history and search for activities including transactions in cryptocurrencies.


Disclaimer: This press release is for informational purposes information does not constitute investment advice or an offer to invest. The views expressed in this article are those of the author and do not necessarily represent the views of infocoin, and should not be attributed to, Infoc

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *