Security News > 2023 > April > New Zaraza Bot Credential-Stealer Sold on Telegram Targeting 38 Web Browsers

A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as a command-and-control.

"Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors," cybersecurity company Uptycs said in a report published last week.

"Once the malware infects a victim's computer, it retrieves sensitive data and sends it to a Telegram server where the attackers can access it immediately."

A 64-bit binary file compiled using C#, Zaraza bot is designed to target as many as 38 different web browsers, including Google Chrome, Microsoft Edge, Opera, AVG Browser, Brave, Vivaldi, and Yandex.

The findings come as eSentire's Threat Response Unit disclosed a GuLoader campaign targeting the financial sector via phishing emails by employing tax-themed lures to deliver information stealers and remote access trojans like Remcos RAT. The development also follows a spike in malvertising and search engine poisoning techniques to distribute a growing number of malware families by enticing users searching for legitimate applications into downloading fake installers containing stealer payloads.

To mitigate risks stemming from stealer malware, it's recommended that users enable two-factor authentication and apply software and operating systems updates as and when they become available.

News URL

https://thehackernews.com/2023/04/new-zaraza-bot-credential-stealer-sold.html