
Zaraza bot: A credential-stealing malware being offered for sale on Telegram

A new credential-stealing malware called Zaraza bot is for sale on Telegram. The malware targets a large number of web browsers and is actively distributed on a Russian Telegram hacker channel popular with threat actors. Once the malware infects a victim's computer, it retrieves sensitive data and sends it to a Telegram server where the attackers can access it immediately.

Zaraza bot is a 64-bit binary file compiled using C#. It is designed to target as many as 38 different web browsers, including Google Chrome, Microsoft Edge, Opera, AVG Browser, Brave, Vivaldi, and Yandex. It is also equipped to capture screenshots of the active window.

This is the latest example of malware that is capable of capturing login credentials associated with online bank accounts, cryptocurrency wallets, email accounts, and other websites deemed of value to the operators. Stolen credentials pose a serious risk, as they allow threat actors not only to gain unauthorized access to victims' accounts but also to conduct identity theft and financial fraud.

Evidence gathered by Uptycs points to Zaraza bot being offered to other cybercriminals as a commercial tool on a subscription basis. It is currently not clear how the malware is propagated, but information stealers have typically leveraged several methods in the past, such as malvertising and social engineering.

