by Nick Kael
Posted on May 2, 2023
There’s a new addition to the cybercriminal toolbox. “Zaraza bot” is malware that steals login credentials from almost all types of browsers.
Zaraza means “infection” in Russian, and that’s exactly what the Zaraza bot delivers to computers. The malware scans the user’s browsers for stored login credentials and decrypts them despite the double encryption most browsers apply. The credentials are written to an output.txt file, which is then sent to a Telegram channel used primarily by hackers. Telegram also serves as the command-and-control (C2) platform for Zaraza. The malware works on 38 different browsers, including the most popular ones such as Chrome, Edge, and Opera.
Technical details about the Zaraza bot were published by Uptycs, which discovered the malware.
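Because the article describes Telegram as both the exfiltration channel and the C2 platform, one practical detection is to look for Telegram Bot API traffic (api.telegram.org/bot<token>/<method>) coming from ordinary workstations, which have no business calling that API. The script below is an added example written for this post, not code from Uptycs or from the Zaraza authors; the proxy log format, the sample log lines, the approved-host list and the byte threshold are all constructed assumptions.

```python
"""Flag Telegram Bot API calls in web-proxy logs (added detection example).

Stealers that use Telegram for exfiltration and C2 call
api.telegram.org/bot<bot_id>:<secret>/<method>. This scanner parses proxy
lines, keeps the bot id but never the secret (so the token is redacted by
construction), and rates each call by the API method used.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Assumed proxy line format: "<ts> <host> <process> <verb> <url> <bytes_sent>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<proc>\S+)\s+"
    r"(?P<verb>[A-Z]+)\s+(?P<url>\S+)\s+(?P<bytes>\d+)$"
)
# Bot API path: /bot<bot_id>:<secret>/<method>
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<api>[A-Za-z]+)"
)

UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio"}
POLLING_METHODS = {"getUpdates", "getMe"}
LARGE_BODY_BYTES = 4096  # assumed threshold for "this POST carried a payload"


@dataclass
class Alert:
    ts: str
    host: str
    process: str
    api_method: str
    bot_id: str       # the numeric part of the token; the secret is never stored
    bytes_sent: int
    severity: str


def parse_line(line: str) -> Optional[dict]:
    """Split one proxy line into fields, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def bot_api_call(url: str) -> Optional[tuple]:
    """Return (bot_id, api_method) if the URL is a Telegram Bot API call, else None."""
    u = urlparse(url)
    if u.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(u.path)
    if not m:
        return None
    return m.group("bot_id"), m.group("api")


def severity_for(api_method: str, bytes_sent: int) -> str:
    """File uploads (the output.txt pattern) and large bodies are high; polling is medium."""
    if api_method in UPLOAD_METHODS or bytes_sent >= LARGE_BODY_BYTES:
        return "high"
    if api_method in POLLING_METHODS:
        return "medium"  # looks like C2 polling for commands
    return "medium"


def scan(log_text: str, approved_hosts: frozenset = frozenset()) -> list:
    """Return one Alert per Bot API call made from a host that is not approved to run bots."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        call = bot_api_call(rec["url"])
        if call is None or rec["host"] in approved_hosts:
            continue
        bot_id, api_method = call
        sent = int(rec["bytes"])
        alerts.append(Alert(rec["ts"], rec["host"], rec["proc"], api_method,
                            bot_id, sent, severity_for(api_method, sent)))
    return alerts


# Constructed sample log; the tokens are placeholders, not real bot tokens.
SAMPLE_LOG = """\
2023-05-02T10:01:03Z ws-017 chrome.exe GET https://www.example.com/ 512
2023-05-02T10:01:09Z ws-017 updater.exe POST https://api.telegram.org/bot123456789:AAHsampleSecretNotReal/sendDocument 48213
2023-05-02T10:02:41Z alert-srv-01 python.exe POST https://api.telegram.org/bot222222222:AAHsampleSecretNotReal/sendMessage 180
2023-05-02T10:03:15Z ws-031 svchost.exe POST https://api.telegram.org/bot555555555:AAHsampleSecretNotReal/getUpdates 96
2023-05-02T10:03:20Z ws-031 svchost.exe POST https://api.telegram.org/bot555555555:AAHsampleSecretNotReal/sendMessage 8200
"""

if __name__ == "__main__":
    # alert-srv-01 is an assumed, legitimately approved bot host and is skipped.
    for a in scan(SAMPLE_LOG, approved_hosts=frozenset({"alert-srv-01"})):
        print(f"{a.severity:6} {a.host} {a.process} -> {a.api_method} "
              f"(bot {a.bot_id}, {a.bytes_sent} B)")
```

Feeding the constructed log through `scan` yields three alerts: the sendDocument upload from ws-017 and the 8200-byte sendMessage from ws-031 are rated high, the getUpdates poll from ws-031 medium, and the approved alerting server is ignored. Storing only the bot id rather than the full token keeps a working credential out of tickets and dashboards while still letting analysts correlate calls to the same bot.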
Zaraza enables theft of a lot of data, making it an especially dangerous piece of malware. In allowing hackers to gain unauthorized access to victims’ accounts, it facilitates identity theft and many types of financial fraud. Attackers may use the stolen credentials themselves for these attacks, or they can sell the credentials on the dark web for others to misuse.
Reports did not specify how Zaraza is distributed, but it is safe to assume that it’s via the usual ways of propagating malware – the phishing, malvertising, and social engineering methods that have proven so effective for all kinds of attacks. Because Zaraza is being offered on a subscription basis, we can expect each attacker to spread it via their own favorite mechanisms.
There are several steps that can be taken to protect yourself and your business from Zaraza:
Zero Trust technologies like Zero Trust Network Access (ZTNA) and Remote Browser Isolation (RBI) operate on the assumption that every website or file may be malicious, and therefore must be handled in a way that prevents infection and spread.
Because Zero Trust includes the assumption that breaches will occur, ZTNA leverages microsegmentation and least privilege access to limit the resources and data a cybercriminal can reach and exfiltrate, should they get in.
Zaraza bot is just the latest credential stealing malware to surface, but it certainly won’t be the last. As commercial availability of malware increases, cybercriminals will no longer need to be technologically sophisticated to successfully execute cyberattacks. With threats increasing, it is more important than ever to protect your organization and its distributed endpoints with a comprehensive Zero Trust solution like the ZTEdge Security Service Edge (SSE) platform.