Zaraza Bot: The Multi-Browser Credential Stealer Being Offered on Telegram


The Uptycs threat research team has identified a new variant of credential-stealing malware, dubbed Zaraza bot, that uses Telegram as its command and control (C2). Zaraza is the Russian word for infection.

“Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors,” cybersecurity company Uptycs said in a report published last week.

“Once the malware infects a victim’s computer, it retrieves sensitive data and sends it to a Telegram server where the attackers can access it immediately.”
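As an added defensive example (not part of the Uptycs report or of this article), the following Python flags processes that contact the Telegram Bot API even though they are neither a Telegram client nor a browser, which is the behaviour a stealer using Telegram as C2 cannot avoid. It assumes api.telegram.org as the Bot API host (the article only says "a Telegram server"); the log format and the sample events are constructed.

```python
import re
from typing import Dict, List

# Assumed host of the Telegram Bot API; the article only says "a Telegram server".
TELEGRAM_API_HOST = "api.telegram.org"

# Processes that legitimately reach Telegram: the desktop client and browsers
# (which can open Telegram Web). Extend with what is normal in your environment.
EXPECTED_TELEGRAM_PROCESSES = {
    "telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe",
    "brave.exe", "opera.exe", "vivaldi.exe",
}

# Constructed log format: space-separated key=value pairs per network event.
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_event(line: str) -> Dict[str, str]:
    """Parse one constructed network-connection log line into a dict."""
    return dict(KV_RE.findall(line))

def suspicious_telegram_connections(lines: List[str]) -> List[Dict[str, str]]:
    """Return events where a non-allowlisted process talks to the Bot API.

    A stealer using Telegram as C2 must call the Bot API from its own process,
    so the process image, not the destination, is the discriminator.
    """
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("dest_host", "").lower() != TELEGRAM_API_HOST:
            continue
        # File name of the process image, tolerating Windows or POSIX paths.
        image = ev.get("image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
        if image not in EXPECTED_TELEGRAM_PROCESSES:
            hits.append(ev)
    return hits

# Constructed sample events: the desktop client, a browser, an unrelated
# connection, and an unknown binary in a temp folder calling the Bot API.
SAMPLE_LOG = [
    "ts=2023-04-17T10:01:02Z pid=4120 image=C:/Users/alice/AppData/Roaming/TelegramDesktop/Telegram.exe dest_host=api.telegram.org dest_port=443",
    "ts=2023-04-17T10:01:09Z pid=5204 image=C:/Program_Files/Google/Chrome/Application/chrome.exe dest_host=api.telegram.org dest_port=443",
    "ts=2023-04-17T10:01:15Z pid=1096 image=C:/Windows/System32/svchost.exe dest_host=update.example.com dest_port=443",
    "ts=2023-04-17T10:01:31Z pid=7788 image=C:/Users/alice/AppData/Local/Temp/svchost64.exe dest_host=api.telegram.org dest_port=443",
]

if __name__ == "__main__":
    for ev in suspicious_telegram_connections(SAMPLE_LOG):
        print(f"ALERT pid={ev['pid']} image={ev['image']} -> {ev['dest_host']}")
```

The allowlist is the weak point of such a rule: a stealer injected into a browser process would pass it, so pair this with process-integrity telemetry rather than relying on it alone.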

Zaraza bot is written in C# and is distributed as a 64-bit binary. It can target up to 38 different web browsers, including Google Chrome, Microsoft Edge, Opera, AVG Browser, Brave, Vivaldi, and Yandex.

Zaraza bot can also capture screenshots of the active window, giving its operators a view of what the victim is doing alongside the stolen browser data.

The stolen data includes logins for online bank accounts, cryptocurrency wallets, email accounts, and other websites of value to its operators.

Stolen login details create a significant risk: attackers can not only gain unauthorized access to the victim's accounts, but also go on to commit identity theft and financial fraud.

Evidence collected by Uptycs indicates that the Zaraza bot is being sold as a commercial tool to other cybercriminals via a subscription model. However, it is unclear how the malware is being spread. Information stealers have previously used various methods such as malvertising and social engineering to distribute malware.

The findings come as TRU (eSentire’s Threat Response Unit) uncovered a GuLoader (aka CloudEyE) campaign targeting financial sectors through phishing emails that use tax-related bait to deliver information stealers and remote access trojans (RATs) like the Remcos RAT.

This trend is attributed to a surge in malvertising and search engine poisoning techniques to distribute a growing number of malware families. These tactics entice users searching for legitimate applications into downloading fake installers containing stealer payloads.

In a new analysis, Kaspersky, a Russian cybersecurity firm, revealed the use of trojanized cracked software downloaded from BitTorrent or OneDrive to deploy CueMiner, a .NET-based downloader that acts as a conduit to install a cryptocurrency miner known as SilentCryptoMiner.

The Russian Connection

Investigations into Zaraza bot have revealed a possible Russian connection. It is suspected that the malware was developed by a Russian-speaking group of hackers, who are now selling it on Telegram’s black market. This is not the first time that Russia has been linked to the development and distribution of cybercrime tools.

According to cybersecurity experts, the Russian cybercrime ecosystem is highly organized and sophisticated, making it difficult for law enforcement agencies to track down and prosecute those responsible. This has resulted in a proliferation of cybercrime tools and services being sold on the dark web, including Zaraza bot.

Web Browsers Targeted by Zaraza Bot

  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge
  • Safari
  • Opera
  • Internet Explorer
  • Brave
  • Vivaldi
  • Torch

Other targeted browsers include Maxthon, UC Browser, Slimjet, Comodo Dragon, and Falkon, to name a few. Any web browser can be a target for credential-stealing malware, so safe browsing habits matter regardless of which one you use.

Are you one of the millions of people who use Telegram to stay connected with your friends and family? Take caution, as a new cyber threat has emerged on the messaging app. A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as its command-and-control (C2).

Protecting Yourself Against Zaraza Bot and Other Credential-Stealing Malware

Credential-stealing malware like Zaraza bot can be devastating if it manages to infect your device. Here are some tips on how to protect yourself:

  • Keep Your Software Updated: Keep all your software, including your operating system, web browser, and antivirus, up-to-date with the latest security patches and updates.
  • Install Antivirus Software: Install reputable antivirus software that can detect and remove malware like Zaraza bot from your device.
  • Be Cautious of Suspicious Emails: Don’t open emails or click on links from unknown senders. Be especially cautious of emails that ask you to provide personal information or download attachments.
  • Use Strong Passwords: Use strong, unique passwords for all your accounts, and consider using a password manager to generate and store your passwords.
  • Enable Two-Factor Authentication: Enable two-factor authentication wherever possible to add an extra layer of security to your accounts.
  • Be Careful What You Download: Only download software or files from reputable sources. Avoid downloading files from unknown websites or peer-to-peer networks.
  • Regularly Back Up Your Data: Regularly back up your important data to an external hard drive or cloud storage service so you can easily recover your files in case of a malware attack.
