Subj : This destructive malware is targeting Windows users as a fake pas
To   : All
From : TechnologyDaily
Date : Wed Sep 27 2023 13:15:04

This destructive malware is targeting Windows users as a fake password manager, so beware

Date: Wed, 27 Sep 2023 12:00:32 +0000
Description: A fake Bitwarden password manager is being distributed online.

FULL STORY
======================================================================

Cybersecurity researchers from Proofpoint have recently discovered a new piece of malware that impersonates Bitwarden in an attempt to steal sensitive information from the victim's endpoint.

After being tipped off by Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes, the researchers discovered that the malware, dubbed ZenRAT, was masquerading as a fake version of the popular password manager.

The threat actors bought the domain "bitwariden[.]com" - a misspelled but deliberately similar domain to the legitimate site, a technique known as typosquatting - and built a website seemingly identical to Bitwarden's.

Stealing data stored in the browser

It is unknown how the attackers promoted the website, but the researchers suspect either SEO poisoning, malvertising, or social engineering as the most likely vectors.

Whatever the case may be, when a victim visits the website with a Mac or Linux device and clicks the corresponding download link, nothing malicious will happen. They will simply be redirected to a completely different, benign page.

Windows users, though, will become infected with ZenRAT. After establishing a connection with its command & control server (C2), the malware will do a number of things, including gathering system information and stealing passwords.

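
Added example, not part of the original story: a defender-side check that flags hostnames in DNS logs whose domain is a near-miss of a protected brand, which is how a one-letter typosquat such as the one described above can be caught automatically. The log lines, the MAX_DISTANCE threshold and the two-label domain rule are assumptions made for illustration.

```python
# Added example: flag domains within a small edit distance of a protected
# brand domain. All log lines below are constructed sample data.
PROTECTED = {"bitwarden.com"}   # domains the organisation really uses
MAX_DISTANCE = 2                # assumption: tune per environment

SAMPLE_DNS_LOG = """\
2023-09-27T12:00:01Z ws-014 A vault.bitwarden.com
2023-09-27T12:00:07Z ws-022 A bitwariden[.]com
2023-09-27T12:00:09Z ws-031 A www.example.org
"""


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # transposition
        prev2, prev = prev, cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels only (assumption: ignores suffixes such as co.uk)."""
    host = host.lower().replace("[.]", ".").rstrip(".")
    return ".".join(host.split(".")[-2:])


def lookalikes(hosts):
    """Return (host, brand, distance) for near misses; exact matches pass."""
    hits = []
    for host in hosts:
        dom = registrable(host)
        if dom in PROTECTED:
            continue
        for brand in sorted(PROTECTED):
            d = osa_distance(dom, brand)
            if 0 < d <= MAX_DISTANCE:
                hits.append((host, brand, d))
    return hits


def scan(log_text: str):
    """Take the queried name (last field) from each log line and check it."""
    return lookalikes(l.split()[-1] for l in log_text.splitlines() if l.strip())


if __name__ == "__main__":
    for host, brand, dist in scan(SAMPLE_DNS_LOG):
        print(f"lookalike of {brand}: {host} (distance {dist})")
```
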
By using WMI queries, ZenRAT will try to learn the victim's CPU name, GPU name, OS version, installed RAM, IP address and gateway, as well as any installed antivirus and other applications. Furthermore, it will steal all browser data, including any credentials stored there.

While Proofpoint urges consumers to be careful when downloading software, and make sure they're only getting it from trusted sources, the problem is that consumers can easily be tricked. With malvertising, it's possible that a fake ad for Bitwarden ended up on Google - usually a trusted source. An untrained eye can easily miss the extra "i" in the URL, and with the website being almost identical to the legitimate one, the campaign can be quite successful.

It is not known exactly how many people so far have downloaded the malware and lost their passwords and other sensitive data in the process.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-destructive-malware-is-targeting-windows-users-as-a-fake-password-manager-so-beware

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)