The malicious website only displays the fake Bitwarden download if a user accesses it via a Windows host. It is uncertain as to how traffic is being directed to this domain. bears a remarkable resemblance in theme with. NET executable that we have dubbed “ZenRAT”.Īt this time, it is unknown how the malware is being distributed, however historic activities that have masqueraded as fake software installers have been delivered via SEO Poisoning, adware bundles, or via email.įigure 1: Fake Bitwarden website, bitwaridencom. Packaged with a standard Bitwarden installation package is a malicious. The sample was initially discovered on a website pretending to be associated with Bitwarden, bitwaridencom, a very convincing lookalike to the real. On 10 August 2023, Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes shared a malware sample that was being distributed as a part of a Windows software installation package. Proofpoint Emerging Threats often receives tips from the community leading to the investigation and detection of novel malware. The malware is a modular remote access trojan (RAT) with information stealing capabilities. At this time, it is unknown how the malware is being distributed.The malware is specifically targeting Windows users and will redirect people using other hosts to a benign webpage.Proofpoint identified a new malware called ZenRAT being distributed via fake installation packages of the password manager Bitwarden.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |