Researchers have discovered a new remote access trojan that rummages through an infected device's Chrome browser history to determine which websites the user has visited, allowing adversaries to formulate an optimal attack strategy based on that information.

Dubbed Saefko, the RAT looks for at least 70 different websites affiliated with credit cards, at least 26 related to gaming activity, at least 71 pertaining to cryptocurrency value, at least 54 shopping and retail sites, and at least 30 business and finance sites, plus activity on Instagram, Facebook, YouTube, Google+ and Gmail.

The malware also gathers user application data, including details related to the Internet Relay Chat protocol, machine architecture, geographic location of the system, and the number of times the user has visited specific websites (e.g. Instagram and Gmail) or categories of websites (e.g. gaming sites and shopping sites). All of this information is then exfiltrated to the command-and-control server.
