'Zaraza' Bot Targets Google Chrome to Extract Login Credentials
The data-stealing malware threatens individual and organizational privacy by infecting a range of Web browsers.
April 18, 2023

Using Telegram as its command-and-control (C2) mechanism, a new strain of malware, a bot dubbed Zaraza, is capable of extracting login credentials from a victim's open browser and saving them to a file, as well as taking screenshots of open windows to be saved in a JPG file.
First identified by the Uptycs threat research team, the new bot is capable of stealing credentials from 38 Web browsers, including Google Chrome, Microsoft Edge, and Opera, among others. Once it successfully infects a victim's computer, it sends the information to a Telegram server, where it becomes accessible to potential threat actors. It's believed that the Zaraza bot is linked to Russian hackers, evidenced by the use of the name "Zaraza" which means "infection" in Russian, the researchers said in their report outlining the malware.
The types of login credentials that it steals range from bank accounts to email accounts to online wallets, as well as other sensitive and valuable website targets. This information can give attackers the opportunity to commit severe crimes such as identity theft and financial fraud, as well as grant access to personally identifiable information (PII) and, especially in the era of remote work, business accounts. This malware variant, and what it allows attackers to do, potentially opens the floodgates to financial loss and "reputational damage," according to the analysis.
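For defenders, the behavior described above (credential theft from browsers followed by exfiltration over Telegram) suggests a simple endpoint hunt. The following is an added example, not code from Uptycs or the article; the event schema, process allowlists, the `api.telegram.org` hostname and Chromium's `Login Data` file name are assumptions chosen for illustration, and the sample telemetry is constructed.

```python
from collections import defaultdict

# Assumed indicators (not from the article): Telegram Bot API host and the
# Chromium-family saved-logins file name.
TELEGRAM_HOSTS = {"api.telegram.org"}
CREDENTIAL_STORE_NAMES = {"login data"}
BROWSERS = {"chrome.exe", "msedge.exe", "opera.exe"}    # expected store readers
TELEGRAM_CLIENTS = {"telegram.exe"}                     # expected Telegram users

def _basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def hunt(events, window_s=300):
    """Flag unexpected processes that resolve a Telegram host. Severity is
    'high' when the same process read a browser credential store at most
    window_s seconds earlier, otherwise 'medium'."""
    reads, conns = defaultdict(list), defaultdict(list)
    for e in events:
        image = _basename(e["image"])
        key = (e["host"], e["pid"], image)
        if e["type"] == "file_read":
            if _basename(e["target"]) in CREDENTIAL_STORE_NAMES and image not in BROWSERS:
                reads[key].append(e["ts"])
        elif e["type"] == "dns_query":
            if e["target"].lower().rstrip(".") in TELEGRAM_HOSTS and image not in TELEGRAM_CLIENTS:
                conns[key].append(e["ts"])
    findings = []
    for key, conn_ts in conns.items():
        hit = any(0 <= c - r <= window_s for c in conn_ts for r in reads.get(key, []))
        findings.append({"host": key[0], "pid": key[1], "image": key[2],
                         "severity": "high" if hit else "medium"})
    return sorted(findings, key=lambda f: (f["severity"], f["host"], f["pid"]))

_STORE = r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"
# Constructed sample telemetry (hypothetical hosts, PIDs and paths).
SAMPLE_EVENTS = [
    {"ts": 100, "host": "ws-01", "pid": 4120, "type": "file_read",
     "image": r"C:\Users\a\AppData\Local\Temp\invoice_viewer.exe", "target": _STORE},
    {"ts": 130, "host": "ws-01", "pid": 4120, "type": "dns_query",
     "image": r"C:\Users\a\AppData\Local\Temp\invoice_viewer.exe", "target": "api.telegram.org"},
    {"ts": 50, "host": "ws-02", "pid": 900, "type": "file_read",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "target": _STORE},
    {"ts": 60, "host": "ws-02", "pid": 2210, "type": "dns_query",
     "image": r"C:\Users\b\AppData\Roaming\Telegram Desktop\Telegram.exe", "target": "api.telegram.org"},
    {"ts": 10, "host": "ws-03", "pid": 77, "type": "dns_query",
     "image": r"C:\Tools\notify.exe", "target": "api.telegram.org."},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

A "medium" finding is only an unexpected Telegram lookup and will include legitimate notification tools, so the allowlists need tuning per environment.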
"To protect yourself against this malware," the Uptycs researchers wrote, "you should update your passwords regularly, follow online security best practices such as using strong passwords and multi-factor authentication, and ensure regular software and security system updates."