The Uptycs Threat research team has uncovered a new cyber threat targeting Italy, through a phishing campaign that deploys an information-stealing malware on unsuspecting victims' Windows systems. This malicious software is designed to steal sensitive information such as system details, cryptocurrency wallet information, browser histories, cookies, and login credentials of crypto wallets.
Diving into details
The multi-stage infection sequence begins with a phishing email containing a link that downloads a password-protected ZIP archive file with two files: a shortcut (.LNK) file and a batch (.BAT) file.
Opening either file launches the same attack chain, which fetches a batch script that installs an information stealer payload from a GitHub repository.
The payload is installed by leveraging a legitimate PowerShell binary also retrieved from GitHub.
Once installed, the C#-based malware gathers system metadata and information from multiple web browsers and cryptocurrency wallets, which is transmitted to an actor-controlled domain.
Information gathered
The info-stealer gathers system information such as serial numbers, system volume information, BIOS, disk drive, and processor.
In browser information, it pilfers bookmarks, credit cards, cookies, credentials, and downloads by comparing the hardcoded browser list.
Crypto wallets targeted by the malware include Bitcoin, Ethereum, Monero, Exodus, Dash, Zcash, Litecoin, Coinbase, BitClip, and Jaxx Liberty.
Info-stealers you should beware of
Vidar stealer resurfaced with sophisticated techniques to abuse popular social media platforms, including Telegram, Mastodon, TikTok, and Steam.
In December 2022, a huge number of info-stealers were found targeting the PyPI repository. Ten different stealer variants were observed being distributed via 16 packages that were downloaded more than a hundred times.
The bottom line
The world of cybercrime is constantly evolving, and one of the most dangerous and disruptive forms of malware out there today is the info-stealer. Like a stealthy digital burglar, these malicious programs sneak into your devices and networks to pilfer sensitive information, leaving you vulnerable to identity theft, financial fraud, and other devastating consequences. In conclusion, to combat malware attacks such as info-stealer, it is important to regularly update passwords and implement strong security controls with multi-layered visibility and security solutions - recommends Uptycs.