Malware

Nocturnal Stealer malware harvests sensitive info

1 Min Read

Nocturnal Stealer malware is available for sale through Deep Web sources, for the low price of 25$.

It steals 28 different kinds of cryptocurrency wallets, FileZilla FTP saved passwords, and Chrome and Firefox information including logins, cookies, web data and autofill data. Also it provides various detailed information to attacker including, IP adress, OS, architecture and hardware information.

This malware utilizes anti-VM and anti-analysis techniques, so it is harder to research and dissect by security researchers. Nocturnal Stealer copies stolen information into plaintext files that are named “passwords” and “information”, when it starts up the communication with the C2 server, sending harvested information in multi-part HTTP POST form.

When harvesting and sending information to server is done, it runs a simple command that terminates itself from victim machine, and victim hardly can notice that information has been compromised by malware.

You Might Also Like

Ukrainian Man Extradited to US for Alleged Cybercrime Ring

The Antivirus Showdown: Bitdefender vs. Norton vs. TotalAV in 2024

Unmasking RedEnergy: The New Hybrid Threat in Cybersecurity

CISA Warns of Cyber Attacks on Ukraine

Advanced Persistent Threats (APTs): Decoding the Invisible Enemy

TAGGED:
Share This Article
Previous Article Facebook Enabled phone-makers to Access Personal Information?
Next Article Nmap reconnaissance tutorial: Episode 1.
Leave a comment