Researchers at Z
“As with just about every piece of malware, InnfiRAT is designed to access and steal personal information on a user’s computer,” states a blog post published by Zscaler. “Among other things, InnfiRAT
Upon execution, the malware initially checks whether the file
The malicious code will make a copy of itself in the AppData directory before writing a Base64-encoded PE file in memory to execute the main component of the Trojan.
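A Base64-encoded PE carried inside a dropper, as described above, can be found statically by decoding long Base64 runs and checking for a valid MZ/PE header. The following is an added example, not code from the Zscaler post or from the malware; the function names and sample blobs are constructed for illustration, and it goes slightly beyond the text by also covering UTF-16LE strings.

```python
import base64
import re
import struct

B64 = rb"[A-Za-z0-9+/]"
# A Base64 run may be stored as ASCII or as UTF-16LE (common for Windows/.NET string literals).
PATTERNS = [
    (re.compile(B64 + rb"{128,}"), 1),               # ASCII: one byte per character
    (re.compile(rb"(?:" + B64 + rb"\x00){128,}"), 2),  # UTF-16LE: character + NUL byte
]


def is_pe(data: bytes) -> bool:
    """True if data starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_embedded_pe(blob: bytes):
    """Return sorted (byte_offset, decoded_size) for Base64 runs that decode to a PE image."""
    hits = []
    for pattern, step in PATTERNS:
        for m in pattern.finditer(blob):
            run = m.group()[::step]               # drop the NUL bytes for UTF-16LE
            run = run[: len(run) - len(run) % 4]  # decode whole 4-character groups only
            decoded = base64.b64decode(run, validate=True)
            if is_pe(decoded):
                hits.append((m.start(), len(decoded)))
    return sorted(hits)


def _fake_pe() -> bytes:
    """Constructed 153-byte stub: DOS header with e_lfanew=0x80, then a PE signature."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x80)
    return dos.ljust(0x80, b"\x00") + b"PE\x00\x00" + b"\x00" * 21


# Constructed sample inputs (not taken from any real sample).
FAKE_PE_B64 = base64.b64encode(_fake_pe())
SAMPLE_ASCII = b'string payload = "' + FAKE_PE_B64 + b'";'
SAMPLE_UTF16 = b"\x01\x02" + FAKE_PE_B64.decode().encode("utf-16-le") + b"\xff\xff"
SAMPLE_BENIGN = b'"' + base64.b64encode(b"A" * 150) + b'"'

if __name__ == "__main__":
    for name in ("SAMPLE_ASCII", "SAMPLE_UTF16", "SAMPLE_BENIGN"):
        print(name, find_embedded_pe(globals()[name]))
```

A run that starts mid-quantum (Base64 characters immediately preceding the payload) will decode misaligned and be missed, so treat an empty result as inconclusive rather than clean.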
As the execution of the malware starts, it checks for the presence of
The InnfiRAT Trojan can also deploy additional payloads to steal files, capture browser cookies to harvest stored credentials for various online services and grab open sessions. The malware is also able to shut down traditional antivirus processes.
“Because RATs are usually downloaded as a result of a user opening an email attachment or downloading an application that has been infected, the first line of defense is often the users who must, as always, refrain from downloading programs or opening attachments that