"Chrome, Edge Browsers Targeted in Zaraza Bot Malware Attacks"

A new variant of the credential-stealing Zaraza malware has been collecting web browser login credentials from Google Chrome, Microsoft Edge, Opera, and Brave. Researchers warn that the threat actors behind the malware are using Telegram servers as their command-and-control (C2) platform to shuffle through stolen bank login information and cryptocurrency. According to Uptycs, Telegram is also used to distribute and promote the Zaraza malware. Researchers suspect that the campaign's operators are tied to Russia. Adversaries using the Zaraza bot have targeted almost 40 web browsers. Apple's Safari and Mozilla Foundation's Firefox are absent from the list. Uptycs' analysis did not cover the initial vector used by adversaries to infect targeted systems. The Zaraza bot seems to be part of a larger criminal organization, with threat actors able to purchase access to it through a centralized malware distributor. The adoption of Telegram as a C2 by threat actors is a continuing trend. According to Uptycs, attackers are attracted to Telegram because it allows them to deliver malware and move data while avoiding detection. This article continues to discuss researchers' findings regarding the new variant of the Zaraza malware.

SC Media reports "Chrome, Edge Browsers Targeted in Zaraza Bot Malware Attacks"

Submitted by Anonymous on