Zaraza Malware Exploits Web Browsers To Steal Passwords

Researchers have found new malware targeting web browsers in active campaigns. Identified as the Zaraza bot, the malware steals login credentials and other information from web browsers, including Google Chrome, Microsoft Edge, Brave, and others.


Malware Steals Data Via Web Browsers

According to the details shared in a blog post, the research team at Uptycs discovered a new malware in the wild actively targeting dozens of web browsers.

Briefly, the malware bot, identified as “Zaraza” (which means “infection” in Russian), works as a potent data stealer. It targets 38 different web browsers, including popular ones like Google Chrome, Brave, Opera, Yandex, and Microsoft Edge, to steal stored passwords and other information.

Harvesting this data lets the malware pilfer a wide range of sensitive details, such as passwords for bank accounts, cryptocurrency wallets, social media sites, and more. In the worst cases, such stolen data can lead to large financial losses and identity theft, affecting individual users and organizations alike.

The malware caught the researchers’ attention during routine malware hunting, when they encountered the malicious binary and analyzed it in a sandboxed environment. They observed the malware targeting the folders in which web browsers store credentials. For now, the malware exhibits data-stealing capabilities only, and specifically aims for login credentials.

After stealing the desired information, the malware transmits it to its C&C via Telegram channels. Tracing that link pointed to the malware having a Russian origin.
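The two behaviours described above, a non-browser process reading the browsers’ credential stores and the same process then connecting to Telegram, are a natural pairing for endpoint detection. The following is an added example, not code from Uptycs or from this article: a small correlator run over constructed process-telemetry events. The credential-store paths are the standard Windows profile locations for Chrome, Edge and Brave; the process name `svchost_update.exe` and the event records are made up for the example; `api.telegram.org` is the public Telegram Bot API host.

```python
"""
Added detection example (not from the Uptycs report or the article):
flag process telemetry consistent with an infostealer reading browser
credential stores and then talking to Telegram. The events and the
process name "svchost_update.exe" are constructed for this example.
"""
from dataclasses import dataclass
import fnmatch

# Windows credential-store locations and the browser binary that
# legitimately owns each one (standard profile paths; "*" spans the
# user profile prefix and the browser profile name such as "Default").
CREDENTIAL_STORES = {
    r"*\Google\Chrome\User Data\*\Login Data": "chrome.exe",
    r"*\Microsoft\Edge\User Data\*\Login Data": "msedge.exe",
    r"*\BraveSoftware\Brave-Browser\User Data\*\Login Data": "brave.exe",
}

# Destinations worth reviewing when an arbitrary process reaches them.
EXFIL_HOSTS = {"api.telegram.org"}


@dataclass
class Event:
    kind: str      # "file_read" or "net_connect"
    process: str   # image name of the acting process
    target: str    # file path (file_read) or destination host (net_connect)


def owner_of_store(path: str):
    """Return the browser that owns this credential store, or None."""
    # Lower-case both sides so the match is case-insensitive on any host OS.
    for pattern, owner in CREDENTIAL_STORES.items():
        if fnmatch.fnmatch(path.lower(), pattern.lower()):
            return owner
    return None


def assess(events):
    """Return (process, reason) findings, in event order.

    A credential-store read by anything other than the owning browser is
    always reported. A Telegram connection is reported as "high" when the
    same process has already touched a credential store, else "medium".
    """
    findings = []
    touched_store = set()
    for ev in events:
        proc = ev.process.lower()
        if ev.kind == "file_read":
            owner = owner_of_store(ev.target)
            if owner and proc != owner:
                touched_store.add(proc)
                findings.append(
                    (proc, f"non-browser read of credential store {ev.target}"))
        elif ev.kind == "net_connect" and ev.target.lower() in EXFIL_HOSTS:
            severity = "high" if proc in touched_store else "medium"
            findings.append((proc, f"{severity}: connection to {ev.target}"))
    return findings


# Constructed sample telemetry: one legitimate browser read, one unknown
# process reading two stores and then calling Telegram, and the Telegram
# desktop client reaching its own API (expected, hence only "medium").
SAMPLE_EVENTS = [
    Event("file_read", "chrome.exe",
          r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("file_read", "svchost_update.exe",
          r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("file_read", "svchost_update.exe",
          r"C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Login Data"),
    Event("net_connect", "svchost_update.exe", "api.telegram.org"),
    Event("net_connect", "telegram.exe", "api.telegram.org"),
]

if __name__ == "__main__":
    for proc, reason in assess(SAMPLE_EVENTS):
        print(f"{proc}: {reason}")
```

Running the block prints four findings: two credential-store reads by `svchost_update.exe`, its Telegram connection rated high because it follows those reads, and the Telegram client’s own connection rated medium. In production the allowlist of legitimate Telegram users and the set of browser binaries would come from inventory data rather than being hard-coded.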

As of disclosure, the malware’s Telegram channels remained active, indicating that this campaign may continue for some time. The fate of the stolen login data is not yet clear, but the researchers suspect the attackers intend to sell the credentials on the dark web.

At present, the Zaraza bot campaign doesn’t appear tied to a single operator, since the bot is sold commercially. Any interested threat actor can therefore purchase it for their own malicious campaigns.
