Bitcoin Forum
Author Topic: Zaraza Bot Credential Stealer, or time to change the browser.  (Read 101 times)
lovesmayfamilis (OP)
April 17, 2023, 01:04:25 PM
Merited by pooya87 (4), DdmrDdmr (2), Symmetrick (2), tabas (1), tranthidung (1), Cantsay (1)
 #1

I didn't find a post about this news, so it's better to be warned and be armed.
The latest news says that a bot called "Zaraza bot" has been created that can steal passwords from 38 known browsers. To be precise, it seems that all these browsers are based on the Blink engine (correct me if I'm wrong about all 38).



And it is these browsers that have become the focus of attention for Russian hackers, who sell their bots through Telegram. This is sold on Telegram and uses the messenger as a command and control server (C2, C&C).

"Once the program extracts login credentials from online bank accounts, cryptocurrency wallets, email accounts, and other important websites, it immediately sends all passwords and data to the Telegram bot."
You may notice that the Firefox browser does not fall into the list of victims. And also think about installing Linux systems.


https://www.uptycs.com/blog/zaraza-bot-credential-password-stealer

Nwada001
April 17, 2023, 01:16:36 PM
 #2

The data that this bot is focused on stealing should be the data that is stored on those browsers, like the saved password options. Or are they also going after anything relating to passwords that are being typed using any of those browsers? 

It's always risky to save passwords on browsers; it's better to write them down on a piece of paper if you can't remember them.

Those password saver options are really a bad idea, because if the email used for any of those browsers is compromised, all your saved passwords and the sites on which they were used will also be compromised.
One should just avoid buying and using bots and apps from untrusted parties in order to be completely safe. 
No one knows what method these hackers might come up with next time. 
 
Thanks for the information ℹ️
 
tranthidung
April 17, 2023, 01:23:26 PM
 #3

Quote
The data that this bot is focused on stealing should be the data that is stored on those browsers, like the saved password options.
You should check and disable that option. It's risky. If you prioritize convenience (by saved password option and synchronization), you are taking risk.

It is bad practice, as some people use the same password on different platforms. The advice is to use a unique password for each account, and not to use the device on which you store your bitcoin to connect to many sites or expose it to the Internet too much. The best is to make that device air-gapped to keep your bitcoins safe.
Nwada001
April 17, 2023, 01:27:30 PM
 #4

Quote
~snip~
You should check and disable that option. It's risky. If you prioritize convenience (by saved password option and synchronization), you are taking risk.
I don't save passwords on my browsers. I stopped doing that a long time ago. 

After I noticed one of my emails being compromised and some of my site data being breached, I stopped using those "save password" options. I know it's not safe, so I don't do it at all; it's one of the major targets of email hackers. Once they get into your mail, they will try to synchronize it with the browser and see users' browsing histories, then check the password saved. 
tranthidung
April 17, 2023, 01:33:52 PM
 #5

Quote
After I noticed one of my emails being compromised and some of my site data being breached, I stopped using those "save password" options. I know it's not safe, so I don't do it at all; it's one of the major targets of email hackers. Once they get into your mail, they will try to synchronize it with the browser and see users' browsing histories, then check the password saved.
You can check your email and see whether you should change its password or use an entirely new email.
Lastly, if you set up a recovery email address, you should check and change the password for that recovery email too. Those emails are linked together by your settings, and if one email is compromised, you should be careful with the other related emails.
lovesmayfamilis (OP)
April 17, 2023, 01:40:23 PM
 #6

In addition, it can be advised not only not to store passwords in browsers, but also to completely clear the entire browsing history and cookies when leaving them.
There is evidence that hackers have learned to extract passwords from cookies, as they are stored in the cache for some time (correct me again) and are not cleared immediately after visiting the site, which gives hackers time to get the password.

Quote
Credential-stealing malware is an integral part of the toolkit used by a wide variety of cybercriminals and other adversaries. While user account names and passwords are the most obvious targets of credential-stealing activities, the increased use of multi-factor authentication (MFA) to protect web-based services has reduced the effectiveness of that approach. Attackers are increasingly turning to stealing the “cookies” associated with credentials to clone active or recent web sessions—bypassing MFA in the process.


Cookie stealing: the new perimeter bypass

Quote
The reason for cookie theft is straightforward: Cookies associated with authentication to web services can be used by attackers in “pass the cookie” attacks, attempting to masquerade as the legitimate user to whom the cookie was originally issued and gain access to web services without a login challenge. This is similar to “pass the hash” attacks, which use locally stored authentication hashes to gain access to network resources without having to crack the passwords.

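As an added example of the defender's side of the "pass the cookie" pattern quoted above (this is not code from the post or from the Sophos article it cites), the detection logic below flags a session cookie that is replayed from a second client context shortly after the legitimate one. The log format, session ids and addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (not real traffic). Fields:
# timestamp | session cookie id (hashed) | client IP | User-Agent
SAMPLE_LOG = """\
2023-04-17T13:00:01Z|sess_a1b2|203.0.113.10|Mozilla/5.0 (Windows NT 10.0) Chrome/112.0
2023-04-17T13:02:15Z|sess_a1b2|203.0.113.10|Mozilla/5.0 (Windows NT 10.0) Chrome/112.0
2023-04-17T13:05:40Z|sess_a1b2|198.51.100.7|python-requests/2.28.2
2023-04-17T13:06:02Z|sess_c3d4|192.0.2.55|Mozilla/5.0 (X11; Linux x86_64) Firefox/111.0
2023-04-17T15:30:00Z|sess_c3d4|192.0.2.56|Mozilla/5.0 (X11; Linux x86_64) Firefox/111.0
"""

WINDOW = timedelta(minutes=30)  # two client contexts this close together is suspicious


def parse_line(line):
    """Split one log line into (timestamp, session_id, ip, user_agent)."""
    ts, sid, ip, ua = line.split("|", 3)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), sid, ip, ua


def find_replayed_sessions(log_text, window=WINDOW):
    """Return {session_id: [finding, ...]} for sessions whose consecutive requests
    came from different (ip, user_agent) contexts within `window`.
    A User-Agent change is rated "high": a browser does not change its UA string
    mid-session, but a cookie replayed from another machine or script does.
    An IP-only change is rated "medium" (mobile roaming and VPNs cause these too)."""
    last_seen = {}                 # session_id -> (timestamp, ip, ua) of prior request
    findings = defaultdict(list)
    for raw in log_text.strip().splitlines():
        ts, sid, ip, ua = parse_line(raw)
        prev = last_seen.get(sid)
        if prev is not None:
            pts, pip, pua = prev
            if (pip, pua) != (ip, ua) and ts - pts <= window:
                findings[sid].append({
                    "severity": "high" if pua != ua else "medium",
                    "from": (pip, pua),
                    "to": (ip, ua),
                    "gap_seconds": int((ts - pts).total_seconds()),
                })
        last_seen[sid] = (ts, ip, ua)
    return dict(findings)
```

With the default 30-minute window only `sess_a1b2` is reported; the Firefox session whose IP changes after more than two hours is left alone, which is the trade-off a real deployment tunes with `window`.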
m2017
April 17, 2023, 02:35:22 PM
 #7

This list of 38 ill-fated browsers includes almost all known and popular browsers. Wait, Firefox is missing. Is Firefox invulnerable to Zaraza Bot? (Upd.: I read the post to the end and saw the info about Mozilla. :))

A large variety of browsers suggests that various kinds of tasks can be performed on different browsers. That is, use one browser for everyday surfing, another for online purchases (when bank card data is entered, for example), and a completely different browser for visiting dubious sites. The main thing is not to get confused among these browsers. :)


Quote
~snip
It is enough to set once in the settings not to save history and passwords, site data and cookies when the browser is closed. Or use incognito mode, in which all this is set by default.

tabas
April 17, 2023, 04:55:48 PM
 #8

Thanks OP.

Quote
It's always risky to save passwords on browsers; it's better to write them down on a piece of paper if you can't remember them.
Actually it's a common practice to save passwords on browsers because it's convenient. But with such intelligent bots, malware and info stealers/hackers around, we all need to change this practice and avoid keeping our passwords in browsers. There should be a logbook or notebook where we can keep all of this information for our own offline safekeeping.
dkbit98
April 19, 2023, 06:50:19 PM
 #9

Quote
The latest news says that a bot called "Zaraza bot" has been created that can steal passwords from 38 known browsers. To be precise, it seems that all these browsers are based on the Blink engine (correct me if I'm wrong about all 38).
This can be easily mitigated by using external password managers like the open source KeePass or some similar alternative; there are versions for both desktop and mobile devices.
I stopped saving passwords and login details in the browser years ago, and I would do the same for the Firefox browser even if it's not directly affected by this bot stealer.
I am sure this affects mostly Windows users, so switching to Linux would also protect you against threats like this.