A new trojan, dubbed Saefko, has been found for sale on the dark web with tools to steal credit card details, crypto wallets and more.
Researchers from the Zscaler ThreatLabZ team explained how the new remote-access trojan (RAT), Saefko, has multiple functionalities – thus presenting a unique business threat.
A RAT is a type of malware that includes a backdoor for remote administrative control of the targeted computer. RATs are downloaded through a variety of methods, such as a user downloading an infected application or game, or a user opening an infected email attachment.
Because a RAT enables administrative control, an intruder can do just about anything on the targeted computer, such as accessing confidential information, taking screenshots, formatting drives and logging user keystrokes.
Once Saefko successfully infects a machine, it stays in the background and executes every time the user logs in.
“It fetches the Chrome browser history looking for specific types of activities, such as those involving credit cards, business, social media, gaming, cryptocurrency, shopping, and more. It sends the data it has collected to its command-and-control (C&C) server and requests for further instructions.
“The C&C instructs the malware to provide system information and the RAT will begin to collect a range of data including screenshots, videos, keystroke logs and more. The C&C can also instruct the malware to download additional payload onto the infected system.”
This type of malware provides intruders with the ability to steal a lot of data and spread through the network's systems without being detected.
To protect systems from RATs, users must refrain from downloading programs or opening attachments from an unknown source. They should also block unused ports, turn off unused services, and monitor outgoing traffic.
“Attackers are often careful to prevent the malware from doing too much activity at once, which would slow down the system and possibly attract the attention of the user and IT.”