Beware of ZenRAT, malware that targets Windows and Bitwarden users


Alexandre Boero

September 26, 2023 at 3:15 p.m.

hacked computer hacker © Apichatn21 / Shutterstock

A new piece of malware that targets only Windows users has emerged, and experts do not yet understand how it is distributed.

Researchers at Proofpoint, a company specializing in computer security, informed us this Tuesday that they have identified a new threat, called ZenRAT, which takes the form of a remote access Trojan (RAT). A malicious module, it targets Windows users with the aim of stealing their sensitive information by falsely associating itself with the Bitwarden password manager. Let's look at this in more detail.

How ZenRAT uses Bitwarden’s image to achieve its ends

ZenRAT stands out for its deviousness: it is hidden in fake Bitwarden installation packages, a particularly convincing double of which the hackers have also developed.

For the moment, and this is undoubtedly the most worrying point, experts do not know how the Trojan is distributed. It could be spread through techniques such as placement in search results, SEO poisoning, adware bundles, or e-mail.

ZenRAT, the executable contained in the standard Bitwarden installer package, appears to have been specifically designed to target Windows users only. The malicious website displays the fake Bitwarden download only if a user accesses it from a Windows host. A non-Windows user is therefore spared and is redirected to a completely harmless web page.

fake Bitwarden pass © Proofpoint

Data-hungry malware

According to the metadata generated by ZenRAT and collected by specialists, the malware gathers a range of information about the infected host. This includes the CPU name, the GPU name, the operating system version, the installed RAM, the IP address and gateway, the installed antivirus, and the installed applications. Stolen browser data and credentials have also been observed.

Malware is often distributed using files masquerading as legitimate application installers. Users should therefore take care to download software only from a trusted source, and to check the domains that host it.

Internet users should also be wary when they see advertisements in search engine results. It is one of the main vectors of infections of this nature, "and especially this year," explain the Proofpoint researchers.
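The advice above to check the domain hosting a download can be partly automated before an installer is ever fetched. The following is an added example, not code from the article or from Proofpoint; it assumes `bitwarden.com` is the vendor's official domain, and the function name, similarity threshold and sample URLs are constructed for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the vendor's official domain. Confirm it out of band before use.
OFFICIAL_DOMAINS = ("bitwarden.com",)


def classify_download_url(url, official=OFFICIAL_DOMAINS, threshold=0.8):
    """Return 'official', 'insecure', 'lookalike' or 'unrelated' for a URL."""
    parts = urlsplit(url)
    # .hostname drops userinfo and port, so "https://bitwarden.com@evil.example/"
    # is judged on evil.example, the host that would really be contacted.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unrelated"
    if any(host == d or host.endswith("." + d) for d in official):
        return "official" if parts.scheme == "https" else "insecure"
    for domain in official:
        brand = domain.split(".")[0]  # e.g. "bitwarden"
        for label in host.split("."):
            # Brand embedded in a foreign host, e.g. bitwarden.com.cdn.example
            # or bitwarden-download.example.
            if brand in label:
                return "lookalike"
            # Typosquat: a label that is nearly, but not exactly, the brand.
            if SequenceMatcher(None, label, brand).ratio() >= threshold:
                return "lookalike"
    return "unrelated"


# Constructed sample URLs (not taken from the article or from any report).
SAMPLES = [
    "https://bitwarden.com/download/",
    "http://bitwarden.com/download/",
    "https://bitwarden.com.downloads.example/installer.exe",
    "https://bitwaarden.example/",
    "https://bitwarden.com@evil.example/",
    "https://example.org/file.exe",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify_download_url(u):10} {u}")
```

Only the `official` result should be treated as an acceptable download source; `lookalike` is the case worth alerting on in proxy or DNS logs.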

Source: Proofpoint


