Not the collector you were waiting for: SapphireStealer knocks on .NET's door, but not to return the favor

Why is the malicious data collector so popular among hackers?

Experts are studying SapphireStealer, a malicious information stealer built on .NET that is gaining popularity in the cyber underground. This powerful tool has already attracted the attention of various cybercrime groups. It is actively modified, and new versions are created for specific campaigns.

SapphireStealer's capabilities are broad: it collects information from the host, extracts data from browsers, takes screenshots, and sends the collected information as ZIP files via the Simple Mail Transfer Protocol (SMTP). One of its most important targets is corporate credentials for accessing confidential documents. The "catch" is often resold to other attackers, such as extortionists or cyber spies.

This stealer is not the only one in attackers' arsenal. Over time, a whole ecosystem has developed that allows both financially motivated and state-sponsored groups to use similar methods for various types of attacks. SapphireStealer not only steals information, it also represents a new stage in the monetization of cybercrime.

SapphireStealer is particularly dangerous because its source code is open. Released for free at the end of December 2022, the code lets attackers experiment with the program, improving it and making it less visible to antivirus programs. The developers have even added flexible methods for data exfiltration via Discord webhooks and the Telegram API.

No less interesting is another tool from the same author, FUD-Loader. This is a .NET-based malware downloader that retrieves additional binaries from servers controlled by criminals.

A few weeks ago, Zscaler discovered a similar stealer, Agniane Stealer. It also steals credentials and other sensitive information. The tool is sold on dark web forums and Telegram channels for $50 per month.

Information stealers such as SapphireStealer and Agniane Stealer are not only increasing the potential of cybercrime, but are also becoming more accessible and advanced. The constant development and adaptation of stealer programs requires special attention and vigilance from cybersecurity specialists.
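Detection logic for the three exfiltration channels named in this post (SMTP, Discord webhooks, the Telegram API), added here as an example; it is not from the original article or from SapphireStealer's code. It assumes egress events that carry the process image, the destination port and, where a TLS-inspecting proxy or EDR provides it, the request URL; the field names, the allow-list and the sample events are constructed.

```python
from urllib.parse import urlsplit

SMTP_PORTS = {25, 465, 587}
DISCORD_DOMAINS = ("discord.com", "discordapp.com")
# Assumption: which processes may legitimately use each channel on this fleet.
ALLOWED = {"smtp": {"outlook.exe", "thunderbird.exe"},
           "discord_webhook": set(), "telegram_bot_api": set()}

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def classify(event):
    """Return the exfiltration channel an egress event matches, or None."""
    if event.get("url"):
        parts = urlsplit(event["url"])
        host, path = (parts.hostname or "").lower(), parts.path
        if any(in_domain(host, d) for d in DISCORD_DOMAINS):
            # Webhook paths look like /api/webhooks/... or /api/v10/webhooks/...
            if path.startswith("/api/") and "/webhooks/" in path:
                return "discord_webhook"
        if host == "api.telegram.org" and path.startswith("/bot"):
            return "telegram_bot_api"
    if event.get("dest_port") in SMTP_PORTS:
        return "smtp"
    return None

def suspicious(events, allowed=ALLOWED):
    """Return (channel, event) pairs from processes not allow-listed for it."""
    hits = []
    for ev in events:
        channel = classify(ev)
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        if channel and image not in allowed[channel]:
            hits.append((channel, ev))
    return hits

# Constructed sample events (not real telemetry); tokens are placeholders.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE", "dest_port": 587},
    {"image": r"C:\Users\a\AppData\Local\Temp\invoice.exe", "dest_port": 587},
    {"image": r"C:\Program Files\Google\Chrome\chrome.exe", "dest_port": 443,
     "url": "https://discord.com/channels/1/2"},
    {"image": r"C:\Users\a\AppData\Local\Temp\invoice.exe", "dest_port": 443,
     "url": "https://discord.com/api/webhooks/0/PLACEHOLDER"},
    {"image": r"C:\Users\a\Downloads\updater.exe", "dest_port": 443,
     "url": "https://api.telegram.org/botPLACEHOLDER/sendDocument"},
]
```

Calling `suspicious(SAMPLE_EVENTS)` flags the two `invoice.exe` events and the `updater.exe` event, while the Outlook SMTP session and the browser visit to Discord pass.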
 