Saefko RAT peeks at browser histories to help adversaries form optimal attack plan | SC Media

Researchers have discovered a new remote access trojan that rummages through an infected device’s Chrome browser history to determine which websites the user has visited, allowing adversaries to formulate an optimal attack strategy based on that information.


Dubbed Saefko, the RAT looks for at least 70 different websites affiliated with credit cards, at least 26 related to gaming activity, at least 71 pertaining to cryptocurrency value, at least 54 shopping and retail sites, and at least 30 business and finance sites, plus activity on Instagram, Facebook, YouTube, Google+ and Gmail.


The malware also gathers user application data, including details related to the Internet Relay Chat protocol, machine architecture, geographic location of the system, and the number of times the user has visited specific websites (e.g. Instagram and Gmail) or categories of websites (e.g. gaming sites and shopping sites). All of this information is then exfiltrated to the command-and-control server.


Written in .NET, the malware is capable of accessing and exfiltrating sensitive information, keylogging, capturing screenshots, activating the webcam, formatting drives, downloading additional programs, and more, according to Zscaler ThreatLabZ team researchers, who discovered the threat for sa ..
