The community frequently provides tips to Proofpoint Emerging Threats, which helps in discovering and studying new malware. On August 10, 2023, Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes, disclosed a malware sample that was being distributed as part of a Windows software installation package.
It is currently unknown how the malware is being spread, but in the past, campaigns using bogus software installers have been delivered through email, adware bundles, and SEO poisoning. The sample was initially found on bitwariden[.]com, a website that looked eerily similar to bitwarden.com and feigned affiliation with Bitwarden. A malicious .NET executable that we have named "ZenRAT" comes bundled with a typical Bitwarden installation package.