• This destructive malware is targeting Windows users as a fake pas

    From TechnologyDaily@1337:1/100 to All on Wed Sep 27 12:15:04 2023
    This destructive malware is targeting Windows users as a fake password manager, so beware

    Date:
    Wed, 27 Sep 2023 12:00:32 +0000

    Description:
    A fake Bitwarden password manager is being distributed online.

    FULL STORY ======================================================================

    Cybersecurity researchers from Proofpoint have recently discovered a new
    piece of malware that impersonates Bitwarden in an attempt to steal sensitive information from the victim's endpoint.

    After being tipped off by Senior Director of Threat Intelligence at Malwarebytes, Jérôme Segura, the researchers discovered that the malware,
    dubbed ZenRAT, was masquerading as a fake version of the popular password manager.

    The threat actors bought the domain "bitwariden[.]com" - a misspelled but deliberately similar domain to the legitimate site, in a technique known as
    typosquatting - and built a website seemingly identical to Bitwarden's.

    Stealing data stored in the browser

    It is unknown how the attackers promoted the website, but the researchers suspect either SEO poisoning, malvertising, or social engineering as the most likely vectors.

    Whatever the case may be, when a victim visits the website with a Mac or
    Linux device, and clicks the corresponding download link, nothing malicious will happen. They will simply be redirected to a completely different, benign page. Windows users, though, will become infected with ZenRAT.

    After establishing a connection with its command & control server (C2), the malware will do a number of things, including gathering system information
    and stealing passwords.

    By using WMI queries, ZenRAT will try to learn the victim's CPU name, GPU
    name, OS version, installed RAM, IP address and gateway, as well as any installed antivirus and other applications. Furthermore, it will steal all browser data, including any credentials stored there.

    While Proofpoint urges consumers to be careful when downloading software, and make sure they're only getting it from trusted sources, the problem is that consumers can easily be tricked.

    With malvertising, it's possible that a fake ad for Bitwarden ended up on Google - usually a trusted source. An untrained eye can easily miss the extra "i" in the URL, and with the website being almost identical to the legitimate one, the campaign can be quite successful.

    It is not known exactly how many people so far have downloaded the malware
    and lost their passwords and other sensitive data in the process.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-destructive-malware-is-targeting-windows-users-as-a-fake-password-manager-so-beware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)
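
The typosquatting described in the story (one extra "i" in the domain) is the kind of near miss a proxy or DNS log filter can catch by edit distance. The following is an added example, not code from the article or from Proofpoint; the brand list, the distance threshold and every host other than the two domains named in the story are assumptions.

```python
# Added example (not from the article): flag near-miss spellings of a protected brand.
PROTECTED = {"bitwarden": "bitwarden.com"}  # brand label -> legitimate domain, per the article
MAX_DISTANCE = 2                            # assumed threshold; tune for short brand names


def refang(host):
    """Normalise a defanged indicator such as bitwariden[.]com."""
    return host.replace("[.]", ".").strip().strip(".").lower()


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host):
    """Return (verdict, brand): 'legitimate', 'lookalike' or 'unrelated'."""
    host = refang(host)
    for brand, legit in PROTECTED.items():
        if host == legit or host.endswith("." + legit):
            return "legitimate", brand
        # Check every label except the TLD so brand-like subdomains are caught too.
        for label in host.split(".")[:-1]:
            if osa_distance(label.replace("-", ""), brand) <= MAX_DISTANCE:
                return "lookalike", brand
    return "unrelated", None


# Constructed sample: the domain named in the article plus made-up hosts.
SAMPLE = ["bitwarden.com", "vault.bitwarden.com", "bitwariden[.]com",
          "btiwarden.example", "bit-warden.example", "example.org"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(f"{h:24} {classify(h)[0]}")
```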