Web browsers and crypto wallets eyed by the Bandit Stealer

June 7, 2023
Web Browsers Crypto Wallets Bandit Stealer Malware InfoStealer Security Bypass Cybersecurity

Bandit Stealer, a newly discovered malware, has garnered significant attention from cybersecurity experts due to its advanced features. This stealthy info-stealer threatens various web browsers and cryptocurrency wallets, causing major concerns.

Written in the Go programming language, the malware targets Windows systems and abuses runas[.]exe, a legitimate command-line tool, to carry out its operations under a different user's permissions.

The runas.exe command lets a user run a program under a different account, including one with elevated privileges, so that administrative tasks can be performed without logging in as that account. It is useful when the current user account lacks the permissions needed to run a specific command or program.

Bandit Stealer attempts to escalate privileges and obtain administrative access in order to bypass security measures and collect data more effectively. However, Microsoft's access control measures prevent the malware from being executed as an administrator without authorisation: runas.exe requires the appropriate credentials to be supplied.
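One defender-side check suggested by the runas.exe abuse described above, added here as an example that is not part of the original article: it scans process-creation records (Sysmon-style field names, constructed sample data) and flags runas.exe launches from an unexpected parent, from a user-writable directory, or with the /savecred switch.

```python
"""Flag process-creation events in which runas.exe is launched in an unusual way.
Added defensive example; the record layout and all sample events are constructed."""
from dataclasses import dataclass

# Parents from which an interactive runas.exe launch is normally expected
# (assumption; tune this to what is common in your environment).
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe"}
# Directory prefixes that any user can write to (assumed starting list).
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class ProcEvent:
    image: str          # full path of the created process
    parent_image: str   # full path of the parent process
    command_line: str   # command line of the created process


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev):
    """Return the list of reasons an event is suspicious (empty = not flagged)."""
    reasons = []
    if basename(ev.image) != "runas.exe":
        return reasons
    parent = basename(ev.parent_image)
    if parent not in EXPECTED_PARENTS:
        reasons.append("runas.exe spawned by unexpected parent " + parent)
    if ev.parent_image.lower().startswith(USER_WRITABLE_PREFIXES):
        reasons.append("parent executes from a user-writable directory")
    if "/savecred" in ev.command_line.lower():
        reasons.append("/savecred requested (reuse of cached credentials)")
    return reasons


def scan(events):
    """Map the index of each flagged event to its reasons."""
    return {i: classify(ev) for i, ev in enumerate(events) if classify(ev)}


# Constructed sample records: a normal admin launch, a suspicious one, and noise.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\runas.exe", r"C:\Windows\explorer.exe",
              r'runas /user:CORP\admin "mmc.exe"'),
    ProcEvent(r"C:\Windows\System32\runas.exe",
              r"C:\Users\alice\AppData\Local\Temp\update.exe",
              r'runas /user:Administrator /savecred "C:\Users\alice\AppData\Local\Temp\update.exe"'),
    ProcEvent(r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe", "notepad.exe"),
]
```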


The Bandit Stealer malware checks whether it is running in a sandbox or virtual environment, and terminates a list of blocklisted processes to conceal itself on compromised systems.


The infostealer spreads through phishing emails carrying a dropper file. The attachment is disguised as a harmless MS Word document, distracting the victim while the infection begins quietly in the background. A counterfeit Heart Sender installer has also been identified as part of the campaign, trading on the reputation of a service used to automate spam email and SMS distribution. These deceptive tactics trick users into unwittingly launching the embedded malware on their own computers.

Bandit Stealer also maintains persistence by modifying the installed Discord client, injecting JavaScript code crafted to steal data from the application. Because the injected code runs whenever Discord is launched, the malware can keep gathering data stealthily, which makes this an unusual persistence mechanism.

The rise of infostealers has led to a thriving underground economy supported by a robust infrastructure, enabling even less skilled threat actors to participate and profit from these activities.

While there have been efforts in global law enforcement to address this issue, cybercriminals remain adaptable in reshaping their strategies and avenues for exploitation, emphasising the constant need for coordinated action and vigilance in combating this evolving threat landscape.
