Ailurophile Stealer: New Data Stealer Spreads Lightning Fast Among Cyber Villains

Friend

A three-day trial period and a referral system do their job.

In August of this year, researchers from Cyfirma discovered a new piece of malware in the wild aimed at stealing sensitive user data such as passwords, browsing history and saved cookies. The infostealer was named Ailurophile Stealer.

The threat actors behind this malware distribute it through their own website, protected by Cloudflare, where they offer a free three-day trial period and a referral system, both of which contribute to its rapid spread. To attract attention, the operators also advertise the infostealer on legitimate platforms such as GitHub and Giter.Club, where they describe its features in detail and leave contact details for purchase.


Password Collection Demo via Ailurophile Stealer

The Ailurophile Stealer is particularly dangerous because of how it embeds itself in the system. The malware saves its files in the startup folder so that it is launched automatically whenever the device is turned on. It then fetches any DLLs that are missing but required for its operation and begins extracting data from browsers.

The malware relies heavily on network communication with external servers. In particular, it checks the device's public IP address and communicates with its C&C infrastructure via the Telegram API, which lets the attackers covertly control the infected system and receive stolen data.
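The two behaviours described above, persistence from the startup folder and command-and-control over the Telegram API, can be correlated in endpoint telemetry. The following is an added detection sketch, not code from the article or from Cyfirma; the event format is a constructed, Sysmon-like dictionary, and the PIDs, paths and hostnames in the sample are made up.

```python
"""Correlate two behaviours reported for Ailurophile Stealer:
(a) a process launched from the Windows Startup folder that
(b) later connects to the Telegram Bot API host.
Event format and sample data are constructed for this example."""
import re

# Path fragment of the per-user and all-users Startup folders on Windows.
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Telegram Bot API endpoint used for C&C according to the report.
TELEGRAM_API = re.compile(r"(^|\.)api\.telegram\.org$", re.IGNORECASE)

# Constructed sample telemetry (hypothetical PIDs and paths).
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "pid": 4120,
     "image": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
              r"\Start Menu\Programs\Startup\updater.exe"},
    {"type": "NetworkConnect", "pid": 4120,
     "dest_host": "api.telegram.org", "dest_port": 443},
    # A normal application talking to the same host: not flagged,
    # because it was not started from the Startup folder.
    {"type": "ProcessCreate", "pid": 5200,
     "image": r"C:\Program Files\SomeApp\app.exe"},
    {"type": "NetworkConnect", "pid": 5200,
     "dest_host": "api.telegram.org", "dest_port": 443},
    # A Startup-folder process with benign traffic: not flagged either.
    {"type": "ProcessCreate", "pid": 6100,
     "image": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs"
              r"\Startup\sync.exe"},
    {"type": "NetworkConnect", "pid": 6100,
     "dest_host": "www.example.com", "dest_port": 443},
]


def find_startup_telegram_beacons(events):
    """Return (pid, image) for every process that was launched from a
    Startup folder and later connected to api.telegram.org.
    Note: real telemetry should key on a process GUID rather than a
    bare PID, since PIDs are reused after a process exits."""
    started_from_startup = {}
    for ev in events:
        if ev["type"] == "ProcessCreate" and STARTUP_DIR.search(ev["image"]):
            started_from_startup[ev["pid"]] = ev["image"]
    hits = []
    for ev in events:
        if (ev["type"] == "NetworkConnect"
                and ev["pid"] in started_from_startup
                and TELEGRAM_API.search(ev["dest_host"])):
            hits.append((ev["pid"], started_from_startup[ev["pid"]]))
    return hits
```

Run on the sample, only PID 4120 is reported; the two other processes each match one half of the pattern and are left alone.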

According to preliminary data, the attackers are probably based in Vietnam. This is supported by the IP addresses and time zone identified during the analysis.

The Ailurophile Stealer poses a serious threat to both companies and ordinary users by stealing sensitive information from browsers and sending it to the attackers' servers. Experts advise strengthening data protection measures, keeping antivirus software up to date, and being vigilant when running unknown programs.
