Researchers at Uptycs have discovered a new data-stealing malware, the Zaraza bot, being sold via Telegram. According to experts, the malware is distributed in the Russian-speaking segment and is capable of stealing data from 38 different browsers. Upon infiltration of the victim’s computer, the malware extracts confidential data and transfers it to a Telegram server, where attackers can gain immediate access.
Zaraza bot is a 64-bit binary written in C# and designed to work with 38 different browsers, including Google Chrome, Microsoft Edge, Opera, AVG Browser, Brave, Vivaldi, and Yandex Browser. It can also capture screenshots of the active window, allowing it to steal login credentials associated with online banking, cryptocurrency wallets, email accounts, and other sites of value.
Uptycs reports that Zaraza bot is offered to cybercriminals as a paid subscription tool, though the cost is unknown. It is unclear how the malware is distributed, but infostealers are typically spread through malicious advertising and social engineering.