ZenRAT malware targets Windows users in its latest campaign

January 23, 2024

A new ZenRAT malware strain has recently surfaced and poses a significant threat to Windows users. It appeared in the wild only recently, and its distribution method is still unknown. However, past campaigns using similar lures suggest that ZenRAT may rely on tactics such as SEO poisoning, adware bundles, or malspam to reach its victims.

ZenRAT first came to light through a deceptive website impersonating the open-source password manager Bitwarden. Visitors who are not running Windows are redirected to a cloned article from opensource[.]com that was originally published in March 2018.

Windows users, by contrast, are served a counterfeit Bitwarden installer that carries the malware. Users who follow the Linux or macOS download links are also sent on to the genuine Bitwarden website, so they are left uninfected.

The new ZenRAT malware campaign prioritises information-stealing operations.

ZenRAT is a modular Remote Access Trojan (RAT) built primarily for information theft. Upon execution, it uses a combination of Windows Management Instrumentation (WMI) queries and built-in system tools to collect and extract system information.

The collected data can include the CPU and GPU names, OS version, available RAM, IP address, and a list of installed antivirus products and applications on the compromised system.

Together with browser data and stored credentials, this information is packaged into a zip archive named “Data.zip” and exfiltrated to the malware’s Command and Control (C2) server.
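The behaviour chain described above (a burst of WMI inventory queries from one parent process, an archive named Data.zip, and an outbound connection from the same process) is what a defender can look for in endpoint telemetry. The following is an added example, not code from the article or from any ZenRAT sample: a small detection heuristic run over constructed, Sysmon-style process, file and network events. The installer file name, the C2 address and the use of wmic.exe as the WMI client are assumptions made for the sample data, not indicators taken from the campaign.

```python
"""Added example (not from the article): flag a process tree that issues
several WMI inventory queries, writes Data.zip and opens an outbound
connection, which is the sequence the article attributes to ZenRAT."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Event:
    kind: str            # "process", "file" or "network"
    pid: int
    ppid: Optional[int]  # parent pid for process-creation events
    image: str           # executable path of the acting process
    detail: str          # command line, written file path, or destination


# Constructed sample telemetry. The installer name and C2 address are
# placeholders, not real ZenRAT indicators.
SAMPLE_EVENTS = [
    Event("process", 100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    Event("process", 200, 100, r"C:\Users\u\Downloads\Bitwarden-Installer.exe",
          "Bitwarden-Installer.exe"),
    Event("process", 201, 200, r"C:\Windows\System32\wbem\WMIC.exe", "wmic cpu get name"),
    Event("process", 202, 200, r"C:\Windows\System32\wbem\WMIC.exe", "wmic os get Caption,Version"),
    Event("process", 203, 200, r"C:\Windows\System32\wbem\WMIC.exe",
          "wmic path Win32_VideoController get Name"),
    Event("process", 204, 200, r"C:\Windows\System32\wbem\WMIC.exe",
          "wmic /namespace:\\\\root\\SecurityCenter2 path AntiVirusProduct get displayName"),
    Event("file", 200, None, r"C:\Users\u\Downloads\Bitwarden-Installer.exe",
          r"C:\Users\u\AppData\Local\Temp\Data.zip"),
    Event("network", 200, None, r"C:\Users\u\Downloads\Bitwarden-Installer.exe", "203.0.113.10:443"),
    # Benign noise: an administrator running a single WMI query by hand.
    Event("process", 300, 100, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    Event("process", 301, 300, r"C:\Windows\System32\wbem\WMIC.exe", "wmic os get Caption"),
]

# Substrings that mark a hardware/OS/AV inventory query (lower-cased matching).
WMI_INVENTORY_WORDS = ("cpu", "os get", "videocontroller", "antivirusproduct",
                       "memorychip", "nicconfig")


def build_index(events):
    """Group WMI child command lines, file writes and connections by the parent pid."""
    idx = defaultdict(lambda: {"wmi": [], "files": [], "net": []})
    for ev in events:
        if ev.kind == "process":
            if ev.image.lower().endswith("wmic.exe") and ev.ppid is not None:
                idx[ev.ppid]["wmi"].append(ev.detail.lower())
        elif ev.kind == "file":
            idx[ev.pid]["files"].append(ev.detail)
        elif ev.kind == "network":
            idx[ev.pid]["net"].append(ev.detail)
    return idx


def score_process(rec):
    """Return the list of reasons a single process record looks like the article's chain."""
    wmi_hits = sum(any(w in q for w in WMI_INVENTORY_WORDS) for q in rec["wmi"])
    wrote_data_zip = any(p.lower().endswith("\\data.zip") for p in rec["files"])
    reasons = []
    if wmi_hits >= 3:
        reasons.append(f"{wmi_hits} WMI inventory queries from one parent")
    if wrote_data_zip:
        reasons.append("wrote Data.zip")
    if wrote_data_zip and rec["net"]:
        reasons.append("outbound connection from the process that wrote the archive")
    return reasons


def detect(events):
    """Return {pid: [reasons]} for every process with at least two reasons."""
    alerts = {}
    for pid, rec in build_index(events).items():
        reasons = score_process(rec)
        if len(reasons) >= 2:
            alerts[pid] = reasons
    return alerts


if __name__ == "__main__":
    for pid, why in detect(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(why))
```

Requiring two independent reasons keeps the single hand-typed `wmic os get Caption` from the administrator (pid 300) below the alert threshold, while the installer process (pid 200) trips all three conditions. In a real pipeline the WMI substrings would be replaced by whatever query names your telemetry exposes, and the Data.zip check is only one of several file-name heuristics worth carrying, since any archive written shortly before a first-seen outbound connection is worth a look.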

In light of these emerging threats, Windows users should remain vigilant and treat advertisements in search-engine results with caution, since sponsored results are a common vector for malware distribution.

ZenRAT is distributed through fake application installers, so users should be careful when downloading software from unverified sources. Checking that the domain hosting an installer is the vendor’s legitimate one goes a long way toward preventing infection.
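The domain check above is easy to get wrong with naive string matching, because a lookalike such as `bitwarden.com.example-attacker.net` still contains the vendor’s name. The following is an added example, not code from the article or from Bitwarden: it parses the download URL properly, accepts only HTTPS on the vendor’s real domain (`bitwarden.com`) or its subdomains, and pairs that with a constant-time comparison of the downloaded file’s SHA-256 against a hash the vendor publishes. The sample URLs and the installer bytes are constructed; the published hash in the demonstration is computed locally and stands in for a real vendor-published value.

```python
"""Added example (not from the article): verify where an installer came from
and that its contents match a vendor-published hash before running it."""
import hashlib
import hmac
from urllib.parse import urlparse

# Real vendor domain for the product discussed in the article; extend per vendor.
TRUSTED_DOWNLOAD_DOMAINS = {"bitwarden.com"}


def is_trusted_download_url(url, trusted=TRUSTED_DOWNLOAD_DOMAINS):
    """True only for an https URL whose host is a trusted domain or a subdomain of one.

    urlparse().hostname already strips userinfo (user@host) and the port, so
    tricks such as https://bitwarden.com@attacker.example/ resolve to the
    attacker host and are rejected.
    """
    parts = urlparse(url)
    if parts.scheme != "https":
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False
    # Exact match or a dot-separated subdomain; plain endswith() would accept
    # "notbitwarden.com", so the leading dot is required.
    return any(host == d or host.endswith("." + d) for d in trusted)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's bytes; stands in here for the vendor-published value."""
    return hashlib.sha256(data).hexdigest()


def installer_matches_published_hash(data: bytes, published_sha256_hex: str) -> bool:
    """Constant-time comparison of the local digest with the published one."""
    return hmac.compare_digest(sha256_hex(data), published_sha256_hex.strip().lower())


def safe_to_run(url: str, data: bytes, published_sha256_hex: str) -> bool:
    """Both checks must pass: trusted origin and matching integrity hash."""
    return is_trusted_download_url(url) and installer_matches_published_hash(data, published_sha256_hex)


if __name__ == "__main__":
    # Constructed sample values, not a real installer or a real vendor hash.
    installer = b"constructed installer bytes"
    published = sha256_hex(installer)
    for candidate in [
        "https://bitwarden.com/download/",
        "https://vault.bitwarden.com/",
        "http://bitwarden.com/download/",                        # plain http
        "https://bitwarden.com.example-attacker.net/download/",  # suffix lookalike
        "https://bitwarden.com@example-attacker.net/",           # userinfo trick
        "https://example-attacker.net/bitwarden.com/",           # domain in the path
    ]:
        print(f"{candidate:55} origin ok: {is_trusted_download_url(candidate)}"
              f"  safe_to_run: {safe_to_run(candidate, installer, published)}")
```

The two checks are deliberately separate: a clean origin says nothing about a tampered download, and a matching hash says nothing about whether the site that published the hash was the real one. On Windows the natural third check is the installer’s Authenticode signature, which this example leaves to the platform tooling.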

Awareness and vigilance remain users’ most effective defences against these attacks. ZenRAT’s latest campaign shows that cybercriminals keep refining their tactics to get around the precautions their targets adopt.
