![]() ![]() ![]() It’s worth noting that password managers have frequently been targeted in cyberattacks and scams, with LastPass being a notable example.Īs a safer alternative, the top three browsers-Google Chrome, Mozilla Firefox, and Safari-offer free password manager features. Researchers strongly advise users to exercise caution when downloading software and recommend obtaining applications exclusively from official sources. Exercise Caution When Using a Password Manager The checks also include geofencing to ensure it isn’t installed in any Russian-speaking region. This modular RAT also runs anti-sandbox and anti-VM checks to determine if it is safe to operate on the device. Moreover, the executable has an invalid signature that seems to be signed by FileZilla fame German computer scientist Tim Kosse. ![]() It is a freeware Windows utility that displays hardware/software-related information. NET executable titled (ApplicationRuntimeMonitor.exe).Īccording to Proofpoint’s blog post, when researchers examined the malicious installer package’s metadata, they observed that the attacker had masqueraded it as Priform’s Speccy. This trojanized version of the legit Bitwarden installer contains a. The payload is titled Bitwarden-installer-version-.exe and downloaded via crazygamescom. Previously, the malware was distributed in such campaigns through phishing, SEO poisoning, or malvertising attacks. However, researchers didn’t specify how the visitors are redirected to the website. It redirects the website visitors to a benign website. ZenRAT transmits the logs to the C2 server in plaintext. It can also steal browser data and passwords. It will also extract information about installed antivirus solutions and other apps. ZenRAT can steal information like the CPU and GPU names, OS version, RAM, IP address, and device gateway. Once this is done, the malware will collect desired data, including system details and stored credentials. If a Windows user clicks on it, their device will be infected with ZenRAT, and the malware will establish a connection with its C2 server (185.186.7214). If a visitor clicks on the downloadable link marked for another platform (e.g., Linux or macOS), they are redirected to the original Bitwarden website () on the Downloads page. ZenRAT’s main targets are unsuspecting Windows users. If a user pays attention, it is easy to catch that malware operators have used the typosquatting technique because the fake website is titled bitwaridencom. This bogus installation package, dubbed ZenRAT, is delivered via a fake Bitwarden website, which looks exactly like the original one but is not legitimate. ZenRAT is a modular RAT capable of stealing sensitive information.Įnterprise security firm Proofpoint’s cybersecurity researchers have discovered a spooky new malware distributed as an installation package for the popular password manager Bitwarden to deceive users and steal sensitive data from their devices.It specifically looks for Windows-based devices.Malware operators have designed a fake Bitwarden website to deliver the malware.ZenRAT malware is distributed as an installation package for the widely used Bitwarden password manager.If you’ve installed Bitwarden Password Manager recently, ensure that you downloaded it from its official website and not from a fraudulent, malicious source.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |