Monday, December 11, 2023

ZenRAT is the new cybersecurity threat posing as Bitwarden

Proofpoint, dedicated to cybersecurity and regulatory compliance, has identified a new malware called ZenRAT that spreads through fake Bitwarden password manager installation packages designed for Windows. ZenRAT, a modular Remote Access Trojan (RAT), has the ability to obtain private information.

Interface changes and visual tricks

The initial detection of this malware occurred on a website pretending to be an official password manager download source. The standard installation package downloaded from this site includes a malicious .NET executable that installs ZenRAT. It is important to note that this website only displays the fake Bitwarden download if the user is accessing from a Windows host.

Users with operating systems other than Windows accessing this domain are greeted with a different page. This page pretends to be “”, even cloning an article about Bitwarden written by Scott Nesbitt and actually published on the legitimate site. When Windows users click on the download links for Linux or MacOS, they are redirected to the real Bitwarden site ( Pressing the download button or the desktop installer for Windows will attempt to download the payload (Bitwarden-Installer-version-2023-7-1.exe).

Read Also:  Chatbots and artificial intelligence have revolutionized banking customer service

Proofpoint’s research team says:

It is common for malicious programs to be distributed through files that pose as legitimate application installers. Currently, we do not know how this specific malware is distributed, but it is usually delivered via SEO Poisoning, adware packages, or via email.

Recommendations for Online Safety

Proofpoint advises end users to download software exclusively from trusted sources and always verify that the domains hosting the downloads belong to the official website. Likewise, it is necessary to be careful with ads in search engine results, because this is one of the main causes of infections of this type, especially in the last year.

Read Also:  The conversion of carbon dioxide into sustainable fuels using solar energy

This warning is intended to inform users about the emerging threat of ZenRAT and to promote good online security practices. Staying informed and taking appropriate precautions is essential in today’s digital environment.

Nation World News Desk
Nation World News Desk
Nation World News is the fastest emerging news website covering all the latest news, world’s top stories, science news entertainment sports cricket’s latest discoveries, new technology gadgets, politics news, and more.
Latest news
Related news