Friday, March 29, 2024

Information stealer Bandit Stealer attacks Windows-based computers


An infostealer written in the Go language gives attackers the potential to conduct cross-platform malicious operations

A new stealthy malware capable of stealing information from browsers and cryptocurrency wallets has drawn the attention of cybersecurity specialists at Trend Micro. The malware is called Bandit Stealer and is developed in the Go programming language, which hypothetically allows it to work across platforms.

So far, Bandit Stealer only attacks Windows, using the legitimate command-line utility “runas.exe”, which allows programs to be run as another user with a different set of system privileges. The attackers' main goal in using “runas.exe” is to gain administrative access and bypass security measures in order to collect a large amount of data.

“Using the runas.exe command, users can run programs as an administrator or any other user with appropriate rights, providing a more secure environment for performing critical applications or system tasks. This utility is especially useful in situations where the current user account does not have sufficient rights to execute a particular command or program,” says the report by Trend Micro, published May 26.
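For defenders, the runas.exe behaviour described above can be hunted in process-creation telemetry. The sketch below is an added example, not code from Trend Micro or the original article: the field names follow Sysmon Event ID 1, while the sample events, the list of user-writable paths and the function name `suspicious_runas` are constructed assumptions.

```python
import re
from ntpath import basename  # Windows path handling, works on any OS

# Assumption: locations a phishing-delivered downloader typically runs from.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\(appdata|downloads|desktop|documents)"
    r"|windows\\temp|programdata)\\",
    re.IGNORECASE,
)
TARGET_USER = re.compile(r"/user:(\S+)", re.IGNORECASE)

def suspicious_runas(events):
    """Flag runas.exe launches whose parent binary sits in a user-writable path.

    Administrators normally start runas.exe from a shell under C:\\Windows;
    a parent under AppData, Downloads or Temp deserves a closer look.
    """
    hits = []
    for ev in events:
        if basename(ev.get("Image", "")).lower() != "runas.exe":
            continue
        parent = ev.get("ParentImage", "")
        if not USER_WRITABLE.search(parent):
            continue
        m = TARGET_USER.search(ev.get("CommandLine", ""))
        hits.append({
            "host": ev.get("Computer"),
            "parent": parent,
            "target_user": m.group(1) if m else None,
        })
    return hits

# Constructed sample events (Sysmon Event ID 1 field names, invented values).
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "Image": r"C:\Windows\System32\runas.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"runas /user:CORP\admin mmc.exe"},
    {"Computer": "WS-02", "Image": r"C:\Windows\System32\runas.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\invoice_viewer.exe",
     "CommandLine": r"runas.exe /user:Administrator C:\Users\alice\AppData\Local\Temp\invoice_viewer.exe"},
    {"Computer": "WS-03", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Users\bob\Downloads\setup.exe",
     "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for hit in suspicious_runas(SAMPLE_EVENTS):
        print(hit)
```
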

Bandit Stealer checks whether it is running in a sandbox or virtual environment and then terminates a number of system processes to hide its presence on the infected computer. The malware also establishes persistence on the target system by modifying the Windows registry.

Bandit Stealer’s malicious activity includes extracting personal and financial data stored in browsers and cryptocurrency wallets. The malware spreads through phishing emails containing a downloader file that opens a harmless Microsoft Word document as a distraction, while the actual infection takes place in the background.

Data collected by stealer programs can benefit operators in many ways: it can be used for identity theft, financial gain, data privacy breaches, credential brute-force attacks, and account takeovers. The stolen information can also be sold to other actors and serve as the basis for subsequent attacks, which can range from targeted campaigns to extortion or ransomware attacks.



Source: www.securitylab.ru
