Proofpoint’s cybersecurity sleuths just unearthed a sly new piece of malware that puts on its best Bitwarden impression to pilfer precious data from unsuspecting users. Big kudos to Malwarebytes’ Senior Director of Threat Intelligence, Jérôme Segura, for giving them the heads up.
This digital menace, now labeled ZenRAT, is basically like that knockoff purse seller in a digital alleyway. Here’s the sneaky part: The culprits snagged the domain “bitwariden[.]com”, a crafty typo that’s eerily close to the real deal. In the tech world, we call this cheeky maneuver typosquatting. And they didn’t stop there. They meticulously crafted a website that’s the spitting image of Bitwarden’s. Tricky, right?
Windows 11 users, be careful
So, how did these digital tricksters spread the word about their deceptive domain? Proofpoint’s brainiacs are betting on tactics like SEO poisoning, malvertising, or the old-fashioned charm of social engineering.
Here’s the silver lining for Mac and Linux device fans: stroll onto the fake site and hit download, and you’ll be whisked away to a harmless page. But for Windows 11 users – it’s a trap! Click that link, and you’re rolling out the welcome mat for ZenRAT.

Once ZenRAT’s made itself at home, it dials up its command & control pals (or C2, if you’re in the know). This malware then goes on a data-hunting spree. Using crafty WMI queries, it’ll snoop around for your CPU name, GPU name, OS version (did we mention Windows 11 users should beware?), RAM stats, IP details, and even that antivirus software you’re running. And, oh boy, if you’ve stored credentials in your browser, ZenRAT’s snatching those too.
Proofpoint’s sage advice? Stick to trusted digital watering holes when downloading software. Yet, here’s the kicker: even the keen-eyed can be duped. Picture this: a sham Bitwarden ad sneaking onto Google. Given the doppelganger website and the sneaky URL, this scheme can reel in quite the catch.
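Since a one-letter difference like bitwariden[.]com is easy for a person to miss, the check can be left to a machine. The sketch below is an added example, not code from Proofpoint or from the original article: it compares domains seen in DNS or proxy logs against a watchlist of genuine domains and flags near misses by edit distance. The watchlist, the threshold of 2 and every sample domain other than bitwariden[.]com are assumptions made for illustration.

```python
# Added example: flag lookalike (typosquatted) domains seen in DNS or proxy logs.
PROTECTED = {"bitwarden.com"}  # assumption: domains your users legitimately visit

# Constructed sample observations; only bitwariden[.]com comes from the article.
SAMPLE = ["bitwarden.com", "vault.bitwarden.com", "bitwariden[.]com", "example.org"]


def refang(domain):
    """Normalise a possibly defanged name such as 'bitwariden[.]com'."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")


def edit_distance(a, b):
    """Optimal string alignment distance: insertion, deletion, substitution
    and swapping two adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def lookalikes(observed, protected=PROTECTED, max_distance=2):
    """Return (observed, protected, distance) for near-miss domains."""
    hits = []
    for raw in observed:
        name = refang(raw)
        for good in sorted(protected):
            if name == good or name.endswith("." + good):
                continue  # the genuine domain or one of its subdomains
            # Compare only as many trailing labels as the protected name has,
            # so 'www.bitwariden.com' is still matched against 'bitwarden.com'.
            tail = ".".join(name.split(".")[-(good.count(".") + 1):])
            dist = edit_distance(tail, good)
            if 0 < dist <= max_distance:
                hits.append((name, good, dist))
    return hits


if __name__ == "__main__":
    for name, good, dist in lookalikes(SAMPLE):
        print(f"ALERT {name} resembles {good} (distance {dist})")
```

Short brand names will produce more false positives at a distance of 2, so tune the threshold per watchlist entry before alerting on it.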
As for the damage report? We’re still tallying up how many folks have been bamboozled into downloading this treacherous malware.