Zaraza bot is a recently discovered malware that is designed to steal user credentials and is actively being sold on Telegram, a popular messaging app that is widely used by cybercriminals for communication and coordination. To make matters worse, the attackers behind the Zaraza bot are using Telegram as a command-and-control server.
“Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors,” cybersecurity firm Uptycs stated in research published last week.
“Once the malware infects a victim’s computer, it retrieves sensitive data and sends it to a Telegram server, where the attackers can access it immediately.”
Zaraza bot, a 64-bit binary written in C#, targets a wide range of web browsers, including Google Chrome, Microsoft Edge, Opera, AVG Browser, Brave, Vivaldi, and Yandex, 38 browsers in total. The malware can also capture screenshots of the currently active window, giving the attackers a view of what the victim is doing at the moment of infection.
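Because the stealer exfiltrates through Telegram rather than through attacker-owned infrastructure, the most useful network indicator for defenders is not a domain reputation hit but an unexpected process talking to Telegram at all. The following detection logic is an added example written for this article, not code from Uptycs or from the malware analysis. It assumes a web-proxy or EDR log format of the constructed form `timestamp host= proc= dst= uri= bytes_out=`, assumes exfiltration goes over the public Telegram Bot API (`api.telegram.org/bot<token>/<method>`; the article only says "a Telegram server"), and uses a hypothetical allow-list of legitimate Telegram client process names. The bot token in the sample lines is a placeholder.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample log lines (not real telemetry). Assumed format:
# "<timestamp> host=<hostname> proc=<process> dst=<domain> uri=<path> bytes_out=<n>"
SAMPLE_LOGS = """
2023-04-19T10:01:02Z host=WS-042 proc=Telegram.exe dst=api.telegram.org uri=/ bytes_out=1200
2023-04-19T10:03:17Z host=WS-042 proc=chrome.exe dst=www.example.com uri=/ bytes_out=540
2023-04-19T10:05:44Z host=WS-042 proc=svchost_update.exe dst=api.telegram.org uri=/bot123456:PLACEHOLDER/sendDocument bytes_out=98304
2023-04-19T10:06:01Z host=WS-077 proc=update.exe dst=api.telegram.org uri=/bot123456:PLACEHOLDER/sendMessage bytes_out=300
""".strip()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"dst=(?P<dst>\S+) uri=(?P<uri>\S+) bytes_out=(?P<bytes>\d+)$"
)

# Hypothetical allow-list: processes that are expected to reach Telegram.
# A defender maintains this from their own software inventory.
KNOWN_TELEGRAM_CLIENTS = {"telegram.exe"}

# Telegram Bot API path shape: /bot<numeric id>:<token>/<method>.
BOT_API_RE = re.compile(r"^/bot\d+:[A-Za-z0-9_-]+/(?P<method>\w+)")

# Bot API methods that carry file uploads; a stealer shipping a credential
# dump or screenshot needs one of these rather than a plain text message.
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio"}


@dataclass
class Alert:
    timestamp: str
    host: str
    proc: str
    method: str | None
    bytes_out: int
    severity: str
    reason: str


def scan(log_text: str) -> list[Alert]:
    """Flag Telegram traffic from processes that are not known Telegram clients.

    Severity is "high" when the request is a Bot API upload method (the shape an
    exfiltration of credential files or screenshots would take) and "medium" for
    any other Telegram contact from an unexpected process.
    """
    alerts: list[Alert] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        if not m["dst"].endswith("api.telegram.org"):
            continue
        if m["proc"].lower() in KNOWN_TELEGRAM_CLIENTS:
            continue

        api = BOT_API_RE.match(m["uri"])
        method = api["method"] if api else None
        if method in UPLOAD_METHODS:
            severity, reason = "high", f"Bot API upload ({method}) from unexpected process"
        elif method is not None:
            severity, reason = "medium", f"Bot API call ({method}) from unexpected process"
        else:
            severity, reason = "medium", "Telegram contact from unexpected process"

        alerts.append(Alert(m["ts"], m["host"], m["proc"], method, int(m["bytes"]), severity, reason))
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOGS):
        print(f"[{a.severity}] {a.timestamp} {a.host} {a.proc}: {a.reason} ({a.bytes_out} bytes out)")
```

Running the block on the constructed lines produces two alerts: the `sendDocument` call from `svchost_update.exe` is rated high because it is an upload, and the `sendMessage` call from `update.exe` is rated medium. The legitimate `Telegram.exe` line is suppressed by the allow-list, which is the part of this rule that needs tuning per environment; in a fleet where Telegram is not sanctioned at all, the allow-list can be emptied and every hit becomes worth a look.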
This credential stealer is the latest threat to high-value online accounts, such as online banking, bitcoin wallets, email accounts, and other websites.
The theft of credentials is a significant concern as it allows threat actors to gain unauthorized access to victims’ accounts and potentially engage in identity theft and financial fraud. With stolen login information, attackers can pose as the victim and gain access to sensitive personal and financial data.
Uptycs has obtained evidence that the Zaraza bot is being sold to other criminals on a subscription basis. It is currently unclear how the malware is delivered, but information stealers have historically relied on methods such as malvertising and social engineering.
It is important to note that malware-as-a-service (MaaS) is becoming more prevalent among cybercriminals, and it can allow even inexperienced attackers to carry out sophisticated attacks. Therefore, it is crucial for users to remain vigilant and take necessary precautions to protect themselves from such threats.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.