Happy Wednesday everyone!
A "fully undetected #infostealer malware sample written in Rust" was identified by Trellix researchers while conducting a proactive hunt! The distribution method should come as no surprise: fraudulent gaming websites. This is not a new tactic, and it is something that I have read about from many vendors (remember, downloading cracked or "free" games from such sites normally means you just aren't paying with money!). In this case, the "game" files were distributed as password-protected RAR archives that contained the stealer executable alongside some legitimate game-related files. Bundling legitimate files is another tactic commonly used to "assure" the user that they downloaded something real.
The researchers also discussed the capabilities of the malware and here are just a few:
- It displays a fake window to the user to fool them into believing it is a legitimate application.
- It terminates a list of processes, several of them browsers.
- It steals passwords, cookies, autofill data, and saved credit card information from applications such as Discord and Chrome.
- It drops a copy of itself in the \AppData\Roaming directory and writes a .lnkk file to the Startup directory for persistence. The .lnkk extension is tied to the dropped executable through registry keys, so opening the .lnkk file at logon runs the .exe.
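If you want to hunt for that persistence pattern on your own hosts, here is an added PowerShell check (my own example, not code from the Trellix report or from the malware): it lists files in both Startup folders whose extension is not one you would normally expect there, and for each one it shows which per-user file-type association would launch it. It assumes the association lives under HKCU:\Software\Classes (the usual place for a per-user handler); the list of "expected" extensions is my own choice and should be tuned to your environment.

```powershell
# Added hunting check (not from the Trellix report): flag non-standard file
# extensions in Windows Startup folders and show any per-user file-type
# association that would make Explorer run them at logon.
# Assumption: the association lives under HKCU:\Software\Classes; handlers can
# also be defined under HKLM\Software\Classes, so extend the lookup if needed.

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Extensions you would normally expect in a Startup folder (assumed list;
# anything not in it is reported for review)
$expected = @('.lnk', '.url', '.exe', '.bat', '.cmd', '.vbs', '.ini')

foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }

    Get-ChildItem -LiteralPath $dir -File -Force | ForEach-Object {
        $ext = $_.Extension.ToLowerInvariant()
        if ($expected -contains $ext) { return }   # skip the usual suspects

        # Resolve the per-user association chain: .<ext> -> ProgID -> shell\open\command
        $progId  = (Get-ItemProperty -Path "HKCU:\Software\Classes\$ext" `
                    -ErrorAction SilentlyContinue).'(default)'
        $command = $null
        if ($progId) {
            $command = (Get-ItemProperty -Path "HKCU:\Software\Classes\$progId\shell\open\command" `
                        -ErrorAction SilentlyContinue).'(default)'
        }

        [PSCustomObject]@{
            StartupItem      = $_.FullName
            Extension        = $ext
            UserProgId       = $progId
            OpenCommand      = $command
            # %APPDATA% resolves to ...\AppData\Roaming, the staging directory
            # described above, so a handler pointing there deserves a closer look
            InAppDataRoaming = [bool]($command -and $command -like "*$env:APPDATA*")
        }
    }
}
```

Run it as the user you are investigating, since the association is per-user. A hit is a Startup item with an unfamiliar extension whose open command points at an executable in the user's profile; a file with an odd extension and no association at all is harmless on its own but still worth explaining.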
Thanks go to the researchers (who, if you want to be tagged in here, let me know!) for the great report and details! I hope you enjoy the read as much as I did, and go check out the details I left out; it's worth it! Happy Hunting!
Demystifying Myth Stealer: A Rust Based InfoStealer
https://www.trellix.com/en-in/blogs/research/demystifying-myth-stealer-a-rust-based-infostealer/
Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday