Security researchers at Juniper Threat Labs discovered a strain of malware, dubbed Masad Stealer, that is being actively distributed. The malware could
“The malware is being advertised on black market forums as “Masad Clipper and Stealer”. It steals browser data, which might contain usernames, passwords and credit card information.
The malware appears to be linked to another threat dubbed “Qulab Stealer”.
Crooks are advertising the malware on hacking forums as a stealer and clipper; the ‘fully-featured’ variant is offered for sale at $85.
Masad Stealer is distributed by masquerading as a legitimate tool or by being bundled into third-party tools, such as CCleaner and ProxySwitcher.
Attackers attempt to trick users into downloading the malware by advertising it in forums, on third-party download sites or on file-sharing sites.
Victims can also get infected by installing tainted versions of popular software, game cracks, and cheats.
Once it has infected a machine, Masad Stealer collects a wide range of data, including system info, screenshots, desktop text files, Steam Desktop Authenticator sessions, cryptocurrency wallets, browser cookies, usernames, passwords, and credit card browser data.
Once the malware has collected the information from the victim’s computer, it zips it using a 7zip executable bundled within its binary, then it will
The analysis of unique Telegram bot IDs and
“Of the more than 1,000 samples we identified to be variants of this malware, there were 338 unique Telegram Command and Control bot IDs. From this data, we can estimate the number of threat actors – or at least the number of different campaigns being run using the Masad Stealer malware – and the size of their operations.” continues the report.
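The same grouping by bot ID can be applied to a defender's own web proxy logs to see how many distinct bots internal hosts are talking to. The following is an added example, not code from the Juniper report; it assumes logs that record full URLs and the standard Telegram Bot API URL form `https://api.telegram.org/bot<bot_id>:<secret>/<method>`, and every log line, host name and token in it is constructed.

```python
import re
from collections import defaultdict

# Telegram Bot API URL: https://api.telegram.org/bot<bot_id>:<secret>/<method>
BOT_URL = re.compile(r"https?://api\.telegram\.org/bot(\d+):[\w-]+/(\w+)", re.I)

# Constructed proxy log lines (timestamp, host, HTTP verb, URL); all values are made up.
SAMPLE_LOG = """\
2019-09-27T10:01:02Z ws-014 POST https://api.telegram.org/bot111111111:AAconstructed-token_one/sendDocument
2019-09-27T10:03:40Z ws-022 POST https://api.telegram.org/bot111111111:AAconstructed-token_one/sendDocument
2019-09-27T10:05:11Z ws-031 GET https://api.telegram.org/bot222222222:AAconstructed-token_two/getMe
2019-09-27T10:06:00Z ws-031 GET https://example.com/index.html
2019-09-27T10:07:19Z ws-014 POST https://api.telegram.org/bot111111111:AAconstructed-token_one/sendDocument
"""


def group_by_bot_id(log_text):
    """Return {bot_id: {"hosts": set, "methods": set, "hits": int}}."""
    bots = defaultdict(lambda: {"hosts": set(), "methods": set(), "hits": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or truncated lines
        match = BOT_URL.search(fields[3])
        if not match:
            continue  # not a Telegram Bot API request
        bot_id, api_method = match.groups()
        entry = bots[bot_id]
        entry["hosts"].add(fields[1])
        entry["methods"].add(api_method)
        entry["hits"] += 1
    return dict(bots)


def summarize(bots):
    """List (bot_id, distinct_hosts, hits), most widely contacted bot first."""
    rows = ((bid, len(e["hosts"]), e["hits"]) for bid, e in bots.items())
    return sorted(rows, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for bot_id, hosts, hits in summarize(group_by_bot_id(SAMPLE_LOG)):
        print(f"bot {bot_id}: {hosts} host(s), {hits} request(s)")
```

Bot API traffic can also be legitimate, so each bot ID found this way is a lead to check against the hosts that contacted it, not a verdict.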
Juniper Threat Labs pointed out that Masad Stealer is an active threat and the malicious code is still available for purchase on the black market.
Experts also published a list of indicators of compromise (IOCs) with malware sample hashes and domains involved in the attacks.