Trellix revealed a clever Java tool for data theft via the Discord bot

Brother

Your browser may become a liability because of the new NS-STEALER malware.

Security company Trellix has discovered a sophisticated new Java-based information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts.

The malware, named NS-STEALER, is distributed in ZIP archives posing as cracked software. The ZIP contains a malicious Windows shortcut file ("Loader GAYve") that acts as the launcher for the malicious JAR file. On execution, the JAR first creates a folder named "NS-<11-digit_random_number>" to stage the collected data.

[Image: Archive contents]

The malware then writes the stolen data to that folder: screenshots, cookies, credentials and autofill data from more than 20 web browsers, system information, a list of installed programs, Discord tokens, and Steam and Telegram session data. The collected information is then transmitted to a Discord bot channel.

[Image: Infection chain]

The researchers noted that the combination of extensive data-collection functionality with X509Certificate-based authentication support lets the malware quickly steal information from victim systems running the Java runtime environment. The Discord bot channel also serves effectively as an EventListener for receiving the exfiltrated data within the campaign.
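The infection chain above leaves two cheap-to-check artifacts: a ZIP that bundles a Windows shortcut together with a JAR, and a staging folder named NS-<11 digits>. The script below is an added triage example written for this post, not code from Trellix or from the malware; it identifies shortcut and JAR entries by their file headers rather than by extension, flags an archive that combines both, and matches candidate folder names against the NS-<11 digits> pattern. The sample archive it builds in memory is constructed for illustration; the entry names "Loader GAYve.lnk", "lib/stealer.jar" and "README.txt" are assumptions, not names taken from a real sample.

```python
import io
import re
import zipfile
from typing import Dict, Iterable, List

# Staging folder described in the write-up: "NS-" followed by 11 random digits.
NS_FOLDER_RE = re.compile(r"^NS-\d{11}$")

# Windows ShellLinkHeader: HeaderSize 0x4C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its little-endian on-disk layout.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c0000000" "00000046")
ZIP_MAGIC = b"PK\x03\x04"


def find_ns_staging_dirs(dir_names: Iterable[str]) -> List[str]:
    """Return the directory names that match the NS-<11 digits> staging pattern."""
    return sorted(n for n in dir_names if NS_FOLDER_RE.match(n))


def is_lnk(data: bytes) -> bool:
    """True if the bytes start with a Windows shortcut (LNK) header."""
    return data.startswith(LNK_MAGIC)


def is_jar(data: bytes) -> bool:
    """True if the bytes are a ZIP that carries META-INF/MANIFEST.MF, i.e. a JAR."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "META-INF/MANIFEST.MF" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def triage_archive(zip_bytes: bytes) -> Dict[str, object]:
    """Classify every entry of a ZIP by content, not by its displayed name."""
    lnk, jar, renamed_lnk = [], [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info.filename)
            if is_lnk(data):
                lnk.append(info.filename)
                # A shortcut whose name does not end in .lnk is hiding what it is.
                if not info.filename.lower().endswith(".lnk"):
                    renamed_lnk.append(info.filename)
            elif is_jar(data):
                jar.append(info.filename)
    return {
        "lnk": lnk,
        "jar": jar,
        "renamed_lnk": renamed_lnk,
        # The chain in the write-up: a shortcut used to launch a bundled JAR.
        "suspicious": bool(lnk and jar),
    }


def build_sample_archive() -> bytes:
    """Constructed sample (not a real malware archive): a shortcut plus a JAR
    packed into a ZIP, mimicking the layout described in the post."""
    jar_buf = io.BytesIO()
    with zipfile.ZipFile(jar_buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Loader\n")
        jar.writestr("Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)  # dummy class file
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("Loader GAYve.lnk", LNK_MAGIC + b"\x00" * 56)  # header only, no target
        zf.writestr("lib/stealer.jar", jar_buf.getvalue())       # assumed name
        zf.writestr("README.txt", "Run the loader to activate.\n")
    return outer.getvalue()


if __name__ == "__main__":
    result = triage_archive(build_sample_archive())
    print("archive triage:", result)
    # Constructed folder listing: one real hit, one too-short, one non-numeric.
    print("staging dirs:", find_ns_staging_dirs(["NS-12345678901", "NS-1234", "NS-ABCDEFGHIJK", "Documents"]))
```

Checking the LNK header and the JAR manifest instead of trusting extensions matters here because Explorer hides the .lnk suffix, which is exactly what lets a shortcut pass for a program in the archive listing. Run the folder check over user-profile directories on an endpoint suspected of infection.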