The newly discovered information stealer Bandit Stealer has drawn attention from both security researchers and cybercriminals because of its capabilities. The malware targets multiple web browsers, browser extensions for cryptocurrency wallets, and crypto wallet applications, while evading security detection and analysis.
Moreover, the researchers noted that the infostealer prioritises Windows users, but its Go-language codebase would allow its operators to port it to other platforms.
Bandit Stealer can also abuse stolen session data to acquire sensitive information.
In particular, it steals Telegram session data and uses it to preview private messages or harvest critical information from the compromised accounts.
Researchers confirmed that the information stealer harvests several data types, including login credentials, credit card details, cookies, and browsing history, from web browsers such as Iridium, Chrome, Amigo, and Microsoft Edge.
The malware also looks for specific browser extensions related to cryptocurrency wallets, such as BitKeep, TronLink, Trust Wallet, and Clover Wallet. In addition, Bandit Stealer targets desktop wallets and cryptocurrencies including Litecoin, Electrum, Atomic, Exodus, Dash, Ethereum, and Bitcoin.
Researchers explained that Bandit Stealer reaches a targeted device through phishing emails or careless downloads from untrustworthy websites. Once delivered, the infostealer is installed and executed through one of three techniques.
The first technique runs anti-analysis checks and then opens a seemingly harmless Word document on the compromised device to distract the user while the malware deploys. In the second, a self-extracting file runs the file RUNFIRST[.]exe; once the malware completes its anti-analysis checks, it opens a non-malicious executable archive as cover.
The last technique displays a prompt about installing a simple application when the self-extracting file executes. The fake installer then drops and executes the file containing the Bandit Stealer payload.
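As an added illustration from the defender's side (this is example code, not from the article or the researchers it cites), the chain described above gives a process-tree signal worth alerting on: one parent process that spawns the file name RUNFIRST.exe and, alongside it, a Word process opening a decoy document. The script below scans constructed process-creation events for that pattern. The event fields, the dropper file name `invoice_setup.exe`, and the decoy document path are assumptions made for the example; only the RUNFIRST.exe file name comes from the article.

```python
"""Process-tree detector for the Bandit Stealer dropper chain described in the
article: a self-extracting file that launches RUNFIRST.exe and opens a decoy
Word document while the stealer deploys. Added example, not the researchers'
own code; event layout and sample values are constructed."""
from collections import defaultdict

# Constructed sample events (assumed Sysmon-style fields, not real telemetry).
# PID 200 is the hypothetical self-extracting dropper; PID 300 is benign Word use.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\u\Downloads\invoice_setup.exe"},
    {"pid": 201, "ppid": 200, "image": r"C:\Users\u\AppData\Local\Temp\RUNFIRST.exe"},
    {"pid": 202, "ppid": 200, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 300, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
]

# File name from the article (defanged there as RUNFIRST[.]exe).
STEALER_LAUNCHER = "runfirst.exe"
DECOY_APP = "winword.exe"


def basename(path: str) -> str:
    """Case-insensitive file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_dropper_chains(events):
    """Return one finding per parent process that spawned RUNFIRST.exe.

    A parent that also spawned the decoy Word process matches the full chain
    the article describes and is rated high; RUNFIRST.exe alone is rated medium,
    since a single file name is a weaker indicator than the combined behaviour.
    """
    children_by_parent = defaultdict(list)
    image_by_pid = {}
    for ev in events:
        children_by_parent[ev["ppid"]].append(ev)
        image_by_pid[ev["pid"]] = ev["image"]

    findings = []
    for ppid, children in children_by_parent.items():
        names = {basename(c["image"]) for c in children}
        if STEALER_LAUNCHER not in names:
            continue
        decoy_seen = DECOY_APP in names
        findings.append({
            "parent_pid": ppid,
            "parent_image": image_by_pid.get(ppid, "<unknown>"),
            "decoy_word_seen": decoy_seen,
            "severity": "high" if decoy_seen else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_dropper_chains(SAMPLE_EVENTS):
        print(f"[{f['severity']}] parent {f['parent_pid']} ({f['parent_image']}) "
              f"launched RUNFIRST.exe; decoy Word seen: {f['decoy_word_seen']}")
```

The benign Word launch under explorer.exe (PID 300) produces no finding, because the rule keys on the RUNFIRST.exe child and only uses the Word process to raise severity; swapping the constructed events for real process-creation telemetry is the only change needed to run it against a host.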
Bandit Stealer is an information stealer with stealth and several other capabilities that target the Windows OS. The developers' choice of the Go language suggests that they will continue to improve their tooling and extend it to other operating systems.
Organisations should implement robust and layered security controls to strengthen the security infrastructure and mitigate the damage caused by this new infostealer.