Remote Access Trojans (RATs) are among the most versatile tools in the arsenal of cybercriminals. They are usually packed with features and give their operators complete control over the victim's machine. In addition, they support modules that perform specific operations, allowing the attacker to collect particular files or data from the infected machine. InnfiRAT is one of the newer RAT projects to be spotted in the wild, and it appears to have dedicated modules for collecting cryptocurrency wallets and browser cookies from the victim's machine. It also packs many of the other features you would expect to see in a Remote Access Trojan.
InnfiRAT may be a Private Hacking Tool
Often, software like this is sold on hacking forums, but we have yet to encounter any advertisements promoting InnfiRAT's features. This may mean that the project is meant to be used privately, by a single group of criminals. Whatever the operators' plans, it is clear that InnfiRAT is an advanced project with modules dedicated to evading anti-virus engines, sandboxes and malware analysis tools. Upon execution, it performs a series of checks to ensure that it is not running in a controlled environment. It also looks for the process names used by specific malware analysis tools and terminates them. Last but not least, it plants its files in the %APPDATA% folder and disguises itself as 'NvidiaDriver.exe.' A binary by that name running from a user's %APPDATA% folder, rather than from an NVIDIA installation directory, is therefore a useful hunting indicator.
Attackers may Try to Collect Files Containing Information
If the infection succeeds, InnfiRAT connects to the control server and waits for the attacker's commands. The version of InnfiRAT seen in the wild appears to support a wide range of commands that enable the attackers to perform the following tasks:
- Download and run files from the Internet.
- Collect a system fingerprint (hardware, software, network configuration, workgroup, etc.).
- Collect cookies from popular Web browsers (Orbitum, Yandex, Opera, Mozilla, Chrome, Kometa, Amigo, Torch and others).
- Scan the ‘Desktop’ folder for ‘.txt’ files that are under 2MB in size and transfer them to the attacker’s server.
- Enumerate running processes and allow the attacker to kill them at will.
- Collect '.wallet' files associated with Bitcoin and Litecoin wallets.
- Take screenshots of the desktop or the currently active window and send them to the control server.
- Use the Windows Command Prompt to execute commands.
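The two behaviours above that leave the clearest host-side traces are the persistence artifact (a file named NvidiaDriver.exe dropped under %APPDATA%) and the use of the Windows Command Prompt to run operator commands, which shows up as cmd.exe being spawned by that AppData-resident process. The Desktop '.txt' collection also matters during incident scoping, because it tells you which files were exposed. The script below is an added example, not code from the original write-up and not InnfiRAT's own code: it runs simple hunting rules over constructed Sysmon-style process-creation events and a constructed file listing. The event field names (EventId, Image, ParentImage), the list of legitimate NVIDIA directories, and the reading of "2MB" as 2 * 1024 * 1024 bytes are all assumptions.

```python
"""Hunting rules for the InnfiRAT behaviours described in the text.

Added example (not from the write-up, not the RAT's own code). Assumptions:
Sysmon-style event fields, the LEGIT_NVIDIA_DIRS list, and the 2 MB limit.
"""
import ntpath
import re

# Assumed: directories where a genuine NVIDIA binary would normally be installed.
# A NvidiaDriver.exe anywhere else (for example %APPDATA%) is suspect.
LEGIT_NVIDIA_DIRS = (
    r"c:\program files\nvidia corporation",
    r"c:\program files (x86)\nvidia corporation",
    r"c:\windows\system32",
)

# Matches a per-user profile AppData path (%APPDATA% / %LOCALAPPDATA%).
APPDATA_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

# The write-up says Desktop .txt files under 2MB are taken; assumed to mean 2 MiB.
TXT_SIZE_LIMIT = 2 * 1024 * 1024


def is_masqueraded_nvidia(image: str) -> bool:
    """Rule 1: an image named NvidiaDriver.exe outside the known NVIDIA directories."""
    img = image.lower()
    if ntpath.basename(img) != "nvidiadriver.exe":
        return False
    return not any(img.startswith(d + "\\") for d in LEGIT_NVIDIA_DIRS)


def is_appdata_cmd_spawn(image: str, parent_image: str) -> bool:
    """Rule 2: cmd.exe whose parent runs out of a user's AppData folder."""
    return (ntpath.basename(image.lower()) == "cmd.exe"
            and APPDATA_RE.search(parent_image) is not None)


def triage_events(events):
    """Return (EventId, [reasons]) for every event that matches at least one rule."""
    hits = []
    for ev in events:
        reasons = []
        if is_masqueraded_nvidia(ev["Image"]):
            reasons.append("NvidiaDriver.exe outside NVIDIA install directories")
        if is_appdata_cmd_spawn(ev["Image"], ev["ParentImage"]):
            reasons.append("cmd.exe spawned by an AppData-resident process")
        if reasons:
            hits.append((ev["EventId"], reasons))
    return hits


def desktop_txt_exposure(files):
    """Given (path, size_bytes) pairs, return the Desktop .txt files the RAT would upload:
    direct children of a Desktop folder, '.txt' extension, smaller than TXT_SIZE_LIMIT."""
    exposed = []
    for path, size in files:
        p = path.lower()
        in_desktop = ntpath.basename(ntpath.dirname(p)) == "desktop"
        if in_desktop and p.endswith(".txt") and size < TXT_SIZE_LIMIT:
            exposed.append(path)
    return exposed


# Constructed sample telemetry (not real events): one drop, one cmd spawn, two benign.
SAMPLE_EVENTS = [
    {"EventId": 1, "Image": r"C:\Users\alice\AppData\Roaming\NvidiaDriver.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventId": 2, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\alice\AppData\Roaming\NvidiaDriver.exe"},
    {"EventId": 3, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventId": 4, "Image": r"C:\Program Files\NVIDIA Corporation\NvidiaDriver.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
]

# Constructed file listing (path, size in bytes) for scoping what was exposed.
SAMPLE_FILES = [
    (r"C:\Users\alice\Desktop\passwords.txt", 1024),
    (r"C:\Users\alice\Desktop\meeting notes.txt", 3 * 1024 * 1024),
    (r"C:\Users\alice\Desktop\report.docx", 500),
    (r"C:\Users\alice\Documents\todo.txt", 200),
]

if __name__ == "__main__":
    for event_id, reasons in triage_events(SAMPLE_EVENTS):
        print(f"event {event_id}: {'; '.join(reasons)}")
    print("exposed:", desktop_txt_exposure(SAMPLE_FILES))
```

Rule 2 deliberately keys on the parent's location rather than on the name NvidiaDriver.exe, so it still fires if a later build changes the disguise but keeps dropping into %APPDATA%; event 3 (a user opening a prompt from Explorer) and event 4 (a binary in a real NVIDIA directory) are included to show the rules stay quiet on ordinary activity.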
There is no reliable information about the infection vectors that the authors of InnfiRAT use to distribute the malware. It is recommended to stay away from shady websites, pirated media and software, email attachments from unknown senders and downloads from unknown websites. Furthermore, you should protect your computer by running an up-to-date version of a reputable anti-virus software suite.