by Nick Kael
Posted on May 2, 2023
There’s a new addition to the cybercriminal toolbox. “Zaraza bot” is malware that steals login credentials from almost every common browser.
Zaraza means “infection” in Russian, and infection is exactly what the Zaraza bot delivers. The malware sweeps the victim’s browsers for saved login credentials and decrypts them. Browsers do encrypt stored passwords on disk, but the key material needed to decrypt them lives on the same machine and is available to any process running as the logged-in user, so malware executing in that user’s context can recover the plaintext. The credentials are written to an output.txt file, which is then uploaded to Telegram, to a channel used primarily by hackers. Telegram also serves as the command-and-control (C2) channel for Zaraza. The malware targets 38 browsers, including the most popular ones such as Chrome, Edge, and Opera.
Technical details about the Zaraza bot were published by Uptycs, the security firm that discovered the malware.
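As an added example (not code from the original post or from the Uptycs analysis), the following Python script shows how a defender might detect the behaviour described above in endpoint telemetry: a process that is not a browser reads browser credential stores and then connects to the Telegram Bot API. The pipe-delimited telemetry format, the sample lines, the process names, the file paths and the use of api.telegram.org as the exfiltration endpoint are all assumptions constructed for this example.

```python
"""Correlate browser credential-store reads with Telegram egress (constructed telemetry)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Credential-store file names per browser family (assumed; matched as a lower-case path suffix).
CREDENTIAL_STORE_SUFFIXES = (
    "\\login data",    # Chromium family (Chrome, Edge, Opera, Brave ...): saved logins DB
    "\\local state",   # Chromium family: holds the wrapped key for the logins DB
    "\\logins.json",   # Firefox: saved logins
    "\\key4.db",       # Firefox: key store protecting logins.json
)
# Telegram Bot API host, assumed here to be the exfiltration / C2 endpoint.
EXFIL_HOSTS = frozenset({"api.telegram.org"})
# Browsers are expected to read their own stores (assumed allow-list). Image names can be
# spoofed, so a production rule would also check the image path and code signer.
BROWSER_IMAGES = frozenset({"chrome.exe", "msedge.exe", "firefox.exe", "opera.exe", "brave.exe"})


@dataclass(frozen=True)
class Event:
    ts: datetime
    pid: int
    image: str
    kind: str     # "file_read" or "net_connect"
    target: str   # file path for file_read, remote host for net_connect


def parse_event(line: str) -> Event:
    """Parse one constructed telemetry line of the form ts|pid|image|kind|target."""
    ts, pid, image, kind, target = line.strip().split("|", 4)
    return Event(datetime.fromisoformat(ts), int(pid), image.lower(), kind, target)


def is_credential_store(path: str) -> bool:
    """True if the path ends in one of the known browser credential-store file names."""
    return path.lower().endswith(CREDENTIAL_STORE_SUFFIXES)


def detect(lines, window: timedelta = timedelta(minutes=10)) -> list:
    """Return (severity, pid, image, stores_read, exfil_host) for each suspicious process.

    high   = non-browser process read credential store(s) and then reached an exfil host
             within `window` of the first read
    medium = non-browser process read credential store(s) with no observed exfil
    """
    by_pid = defaultdict(list)
    for line in lines:
        if line.strip():
            ev = parse_event(line)
            by_pid[ev.pid].append(ev)

    alerts = []
    for pid, events in sorted(by_pid.items()):
        events.sort(key=lambda e: e.ts)
        image = events[0].image
        if image in BROWSER_IMAGES:
            continue  # a browser touching its own store is normal
        reads = [e for e in events if e.kind == "file_read" and is_credential_store(e.target)]
        if not reads:
            continue  # Telegram traffic alone is not evidence of credential theft
        first_read = reads[0].ts
        exfil = next((e for e in events
                      if e.kind == "net_connect"
                      and e.target.lower() in EXFIL_HOSTS
                      and first_read <= e.ts <= first_read + window), None)
        severity = "high" if exfil else "medium"
        alerts.append((severity, pid, image, len(reads), exfil.target if exfil else None))
    return alerts


# Constructed sample telemetry: one stealer-like process, one legitimate browser,
# one backup tool reading a store without egress, and one unrelated Telegram connection.
SAMPLE_TELEMETRY = r"""
2023-05-02T09:00:01|4242|updater.exe|file_read|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State
2023-05-02T09:00:02|4242|updater.exe|file_read|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2023-05-02T09:00:03|4242|updater.exe|file_read|C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
2023-05-02T09:00:04|4242|updater.exe|file_read|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json
2023-05-02T09:00:09|4242|updater.exe|net_connect|api.telegram.org
2023-05-02T09:01:00|1337|chrome.exe|file_read|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2023-05-02T09:02:00|9001|backup.exe|file_read|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2023-05-02T09:03:00|5555|curl.exe|net_connect|api.telegram.org
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_TELEMETRY.splitlines()):
        print(alert)
```

The correlation is the point: a read of a browser’s credential store by a non-browser process is suspicious on its own, but pairing it with a follow-on connection to the exfiltration host within a short window is what separates a stealer from a backup job, and Telegram traffic with no preceding store access is ignored because the service has plenty of legitimate users.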
Zaraza harvests a large volume of credentials, which makes it an especially dangerous piece of malware. By giving attackers unauthorized access to victims’ accounts, it facilitates identity theft and many forms of financial fraud. Attackers may use the stolen credentials themselves, or sell them on the dark web for others to misuse.
Reports did not specify how Zaraza is distributed, but it is reasonable to assume it spreads through the usual channels: the phishing, malvertising, and social engineering methods that have proven effective for all kinds of attacks. Because Zaraza is offered on a subscription basis, each attacker can be expected to deliver it through their own preferred mechanisms.
There are several steps that can be taken to protect yourself and your business from Zaraza.
Zero Trust technologies such as Zero Trust Network Access (ZTNA) and Remote Browser Isolation (RBI) operate on the assumption that any website or file may be malicious, and so must be handled in a way that prevents infection and spread.
Because Zero Trust also assumes that breaches will occur, ZTNA applies microsegmentation and least-privilege access to limit the resources and data a cybercriminal can reach and exfiltrate should they get in.
Zaraza bot is only the latest credential-stealing malware to surface, and it certainly won’t be the last. As malware becomes commercially available, cybercriminals no longer need to be technically sophisticated to carry out successful attacks. With threats increasing, it is more important than ever to protect your organization and its distributed endpoints with a comprehensive Zero Trust solution such as the ZTEdge Security Service Edge (SSE) platform.