by Nick Kael
Posted on May 2, 2023
Want to interview Nick?
ContactThere’s a new addition to the cybercriminal toolbox. “Zaraza bot” is malware that steals login credentials from almost all types of browsers.
Zaraza means “infection” in Russian, and that’s exactly what the Zaraza bot delivers to computers. The malware scans through users’ browsers to find login credentials, which it successfully decrypts despite the double-encryption used by most browsers. The credentials are saved to an output.txt file, which is then shared to a Telegram server, on a channel used primarily by hackers. Telegram also serves as a command-and-control (C2) platform for Zaraza. The malware works on 38 different types of browsers, including those that are most popular like Chrome, Edge, and Opera.
Technical details about the Zaraza bot were published by uptycs, which discovered the malware.
Zaraza enables theft of a lot of data, making it an especially dangerous piece of malware. In allowing hackers to gain unauthorized access to victims’ accounts, it facilitates identity theft and many types of financial fraud. Attackers may use the stolen credentials themselves for these attacks, or they can sell the credentials on the dark web for others to misuse.
Reports did not specify how Zaraza is distributed, but it is safe to assume that it’s via the usual ways of propagating malware – the phishing, malvertising, and social engineering methods that have been proven so effective for all kinds of attacks. Because Zaraza is being offered on a subscription basis, we can expect each attacker to promulgate attacks via their own favorite mechanisms.
There are several steps that can be taken to protect yourself and your business from Zaraza:
Zero Trust technologies like ZTNA and RBI operate on the assumption that every website or file may be malicious, and therefore must be handled in a way that prevents infection and spread.
Because Zero Trust includes the assumption that breaches occur, ZTNA leverages microsegmentation and least privilege access to limit the resources and data a cybercriminal can access and exfiltrate, should they get in.
Zaraza bot is just the latest credential stealing malware to surface, but it certainly won’t be the last. As commercial availability of malware increases, cybercriminals will no longer need to be technologically sophisticated to successfully execute cyberattacks. With threats increasing, it is more important than ever to protect your organization and its distributed endpoints with a comprehensive Zero Trust solution like the ZTEdge Security Service Edge (SSE) platform.
Air Gapping Your Way to Cyber Safety
Physically air gapping enterprise networks from the web is a great way to protect operations, keep data safe … and squelch productivity. Virtual air gapping is a better approach.
Motion Picture Association Updates Cybersecurity Best Practices
The MPA recently revised its content security best practices to address, among other challenges, the issue of data protection in the cloud computing age.
FTC Issues Cybersecurity Warning for QR Codes
QR codes on ads are a simple way to grab potential customers before they move on. No wonder cybercriminals are using QR codes, too.