ShiftDelete.net
FOLLOW US

Zaraza Bot: Credential-stealing malware sold and controlled on Telegram

Zaraza bot, a new credential-stealing malware targeting 38 web browsers, is being sold and controlled via Telegram.

Zaraza Bot: Credential-stealing malware sold and controlled on Telegram

A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as a command-and-control (C2). The malware targets as many as 38 different web browsers, including Google Chrome, Microsoft Edge, Opera, AVG Browser, Brave, Vivaldi, and Yandex. According to cybersecurity company Uptycs, once the malware infects a victim’s computer, it retrieves sensitive data and sends it to a Telegram server where the attackers can access it immediately.

Capturing Valuable Login Credentials

Zaraza bot, a 64-bit binary file compiled using C#, is the latest example of malware capable of capturing login credentials associated with online bank accounts, cryptocurrency wallets, email accounts, and other valuable websites. Stolen credentials pose a serious risk, allowing threat actors to gain unauthorized access to victims’ accounts and conduct identity theft and financial fraud.

Evidence gathered by Uptycs points to Zaraza bot being offered as a commercial tool for other cybercriminals for a subscription. The exact method of malware propagation is currently unclear, but information stealers have typically leveraged several methods such as malvertising and social engineering in the past.

Recent Malware Campaigns

The discovery of Zaraza bot comes as eSentire’s Threat Response Unit (TRU) disclosed a GuLoader (aka CloudEyE) campaign targeting the financial sector via phishing emails, using tax-themed lures to deliver information stealers and remote access trojans (RATs) like Remcos RAT. Additionally, there has been a spike in malvertising and search engine poisoning techniques to distribute various malware families by enticing users searching for legitimate applications into downloading fake installers containing stealer payloads.

To reduce risks associated with stealer malware, it is recommended that users enable two-factor authentication (2FA) and apply software and operating system updates as they become available. Russian cybersecurity firm Kaspersky also recently revealed the use of trojanized cracked software downloaded from BitTorrent or OneDrive to deploy CueMiner, a .NET-based downloader that acts as a conduit to install a cryptocurrency miner called SilentCryptoMiner.

Zaraza Bot

SDN Comments 0 Comments

Comment

Related News

iPhone Battery Replacement
Apple is making a big change in hardware!
Huawei MatePad Pro 12.2-inch and 12 X introduced!
Huawei MatePad Pro 12.2-inch and 12 X introduced!
Huawei Watch GT 5 series and more unveiled
Huawei Watch GT 5 series and more unveiled
Lenovo Yoga Slim 7i Aura Edition: Beats Apple MacBooks with 24-hour battery life
Lenovo Yoga Slim 7i Aura Edition: Beats Apple MacBooks with 24-hour battery life

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Co-Founder.Work Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Desteklio