If you’re a Windows user, you may be at risk from a malicious remote access virus called ZenRAT, according to The Hacker News. The malware is hosted on fake websites claiming association with Bitwarden, an open-source password manager. Windows users who click the download links for Linux or macOS on the downloads page are directed to a different website, and a .NET executable is installed, granting threat actors access to sensitive data.
While Windows users are the primary targets of the malicious software, non-Windows users are also impacted. Upon visiting the website, they are led to a duplicate of an article from opensource.com, ironically about how to secure passwords with Bitwarden.
What happens if the malware is launched? ZenRAT can then send a laundry list of personal information to its operators' C2 server: the user’s CPU name, GPU name, operating system, browser credentials, applications and security software.
Information on how the trojanized version of the standard Bitwarden installation software is redirecting users has not yet been acquired.
While the sophisticated tactics of threat actors can be anxiety-inducing, there are steps you can take to protect yourself from malicious acts. For one, always download software and applications from trusted sources such as play stores and manufacturer websites. If an application claims to be associated with popular software, do the research first. Find out where it originated and what people online have to say about it.
Cybersecurity threats are all around us, even if they are not tangible. Don’t wait for the worst-case scenario to happen to defend your information. We offer a free consultation that informs you of steps your company can take to become more secure. To get started, call 703-790-0400 or send us an email at firstname.lastname@example.org