What to Know About Stealer Malware

As a Cyber Threat Intelligence Analyst, I have observed a spike in attacks utilizing stealer malware to harvest victims’ credentials, private data, browser history, cookies, and crypto wallet data from various browsers and/or applications on the victim’s machine. This stolen data is either sold on underground forums to whoever wants to purchase it, or it is used by the threat actors themselves to carry out other cyber-attacks.
You are probably wondering: what is stealer malware? How does it work?
No need to worry. This article gives you an insight into stealer malware, why you should be wary of it, and, of course, safety measures.
So, what exactly is Stealer Malware?

Stealer malware is, as the name implies, a type of malware that steals a wide variety of data, including saved login credentials, credit card information, browser cookies, autofill data, browsing history, and download history from browsers and/or specifically targeted applications. These stealers are either sold as Malware-as-a-Service or developed by the threat actors themselves.
Stealer malware has become increasingly popular amongst cybercriminals because it is easy to purchase or subscribe to and easy to configure. It does not always require technical knowledge to set up, and it often comes with instructions on how to run and configure it to the buyer's taste, so running it on a target machine is easy.
Stealer malware uses a specially crafted binary that, when executed, is configured to exfiltrate saved credentials from a wide variety of browsers and applications.
The most common stealer malware currently active this year alone are:
· RedLine Stealer
· Raccoon Stealer
· Vidar Stealer
· Infostealer
· BlackGuard Stealer
· Prynt Stealer
· BluStealer Stealer
· NjRAT Stealer

HOW DO THESE MALWARE WORK?
After infecting the target’s system, a stealer malware:
· Reads the profile data of the web browsers installed on the system.
· Checks for saved credentials and cryptocurrency files/wallets, and harvests all credentials and saved data from the browsers and applications installed on the system. It also collects and saves information about the installed operating system and the system's properties.
· Upon exfiltrating data from the victim's browser with any of these stealers, the threat actor saves it in a file (mostly a .txt file).
Afterwards, the threat actor sells the data on underground forums, starting from $10, depending on the quantity of data exfiltrated and on the threat actor.
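The behaviour described above, a non-browser process reading the browser's saved-login and cookie stores, is something a defender can watch for. The following is an added detection example, not code from the article: it takes file-access events in a Sysmon-like shape (Image, TargetFilename) from whatever endpoint telemetry you collect, and flags any process other than the browser itself opening a credential or cookie store. The sample events, user name and process names are constructed for illustration.

```python
"""Flag non-browser processes that open browser credential/cookie stores.

Added detection example. The event records below are constructed, not a real
log export; the field names mirror the Sysmon Image/TargetFilename shape.
"""
import re

# Per-profile files where Chromium-based browsers and Firefox keep saved
# logins, cookies and autofill data (the files stealers read).
SENSITIVE_STORE = re.compile(
    r"(\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data|Network\\Cookies)$)"
    r"|(\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$)",
    re.IGNORECASE,
)

# Processes legitimately expected to open their own profile stores.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe", "opera.exe"}

def is_sensitive_store(path: str) -> bool:
    """True if the path is a known browser credential/cookie store."""
    return SENSITIVE_STORE.search(path.replace("/", "\\")) is not None

def image_name(image_path: str) -> str:
    """Lower-cased file name of the process image, without its directory."""
    return image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def flag_suspicious_access(events):
    """Return (process, file) pairs where a non-browser process read a store."""
    alerts = []
    for ev in events:
        proc = image_name(ev["Image"])
        if is_sensitive_store(ev["TargetFilename"]) and proc not in BROWSER_PROCESSES:
            alerts.append((proc, ev["TargetFilename"]))
    return alerts

# Constructed sample telemetry: one benign browser read, two suspicious reads
# by a "cracked installer" process, and one unrelated file access.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\setup_crack.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\setup_crack.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default\logins.json"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "TargetFilename": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for proc, path in flag_suspicious_access(SAMPLE_EVENTS):
        print(f"ALERT: {proc} read {path}")
```

In practice the allowlist should also check the image path (a stealer can name itself chrome.exe) and the rule should be paired with the browser's own signed-binary checks.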
HOW CAN YOUR SYSTEM GET INFECTED WITH STEALER MALWARE?
Your system can get infected in the following ways:
· Downloads from illegal websites: Infection commonly happens through downloads. When you download an application, cracked software, or anything else from a shady website, you may unknowingly download this malware onto your system.
· Phishing: You can be tricked into downloading or clicking a link with the malware embedded in it by emails from a threat actor impersonating your organization or someone you trust. You can also be targeted through spear phishing.
SAFETY MEASURES
· When you receive mails with links, analyze the links before clicking, e.g. by using virustotal.com to check the reputation of the link.
· Ignore emails you are not sure of.
· Do NOT download applications such as APKs or cracked software from illegal websites, as malware could be hidden in them.
· Ensure you enable Multi-Factor Authentication (MFA) on all your online accounts.
· Do NOT use the same or similar passwords across your online accounts.
· Do NOT save your login credentials in your browser; instead, use a password manager and lock it with a very complex password.
· Make it a habit to clear your cookies whenever you are done browsing. You can set your browser to clear cookies automatically whenever you exit it.
· Educate your employees, family, and friends regularly on cyber safety tips, as the human is the most vulnerable link.
· Conduct phishing simulations on your employees regularly.
I hope this article is insightful for you. Thank you for reading.