A newly discovered variant of the Gremlin Stealer information-stealing malware has been observed being sold on Telegram.
Researchers report that the malware is advertised primarily through a Telegram channel named CoderSharp. Although still under active development, it can already steal data from a range of Windows applications, including browsers, the clipboard and local storage.
Written in C#, Gremlin Stealer collects a wide range of sensitive data and transmits it to a web server from which the operators retrieve it.
Its developers also built in a bypass for Chrome's v20 cookie encryption (the App-Bound Encryption scheme that protects cookie values from other processes on the machine), and the stealer operates without downloading any additional content from the Internet, so there is no second-stage payload for network controls to block.
The new Gremlin Stealer variant harvests a wide range of data.
According to the reports, it gathers clipboard contents, screenshots, device metadata (IP address and system specifications), and credentials from browsers, cryptocurrency wallets, FTP clients and VPNs. Taken together, this gives the operator both a broad profile of the victim and credentials that can be reused directly.
After collection, the variant writes the data to plain-text files in a folder under LOCAL_APP_DATA (the user's %LOCALAPPDATA% directory). These files are then compressed into a ZIP archive and sent to a server, using a hard-coded Telegram API key. Because the key is embedded in the binary, it can be extracted from any sample and used as an indicator, and the operators cannot rotate it without redeploying the malware.
The upload server, at 207.244.199[.]46, receives the archives and exposes them through a web portal where the operators can download or delete each victim's ZIP file.
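As an added example that is not part of the article or the researchers' published material, the Python script below covers two detection angles suggested by the behaviour described above: a static scan of a suspect binary for a hard-coded Telegram bot token and the reported upload-server address, and a pass over proxy log lines for processes other than known Telegram or browser clients reaching api.telegram.org or that address. The token-format regex (Telegram bot tokens look like a numeric bot id, a colon, and a 35-character secret), the log line format, the process allow-list and the sample inputs are all assumptions constructed for the example; only the server IP comes from the report.

```python
import re
from dataclasses import dataclass

# Indicator from the report (printed defanged in the article as 207.244.199[.]46).
C2_IP = "207.244.199.46"
TELEGRAM_API_HOST = "api.telegram.org"

# Heuristic for a hard-coded Telegram bot token: "<numeric bot id>:<35-char secret>".
# The format is an assumption about Telegram tokens in general, not taken from the malware.
BOT_TOKEN_RE = re.compile(rb"\b\d{8,10}:[A-Za-z0-9_-]{35}\b")
# C# binaries store string literals as UTF-16LE, so also match the token interleaved with NULs.
BOT_TOKEN_UTF16_RE = re.compile(rb"(?:\d\x00){8,10}:\x00(?:[A-Za-z0-9_-]\x00){35}")

# Processes for which traffic to api.telegram.org is expected (assumed allow-list).
ALLOWED_TELEGRAM_PROCESSES = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}


def find_embedded_indicators(blob: bytes) -> dict:
    """Scan a file image for a hard-coded Telegram bot token and the known upload server."""
    tokens = [m.group(0).decode("ascii") for m in BOT_TOKEN_RE.finditer(blob)]
    tokens += [m.group(0).decode("utf-16-le") for m in BOT_TOKEN_UTF16_RE.finditer(blob)]
    ip_present = C2_IP.encode("ascii") in blob or C2_IP.encode("utf-16-le") in blob
    return {"telegram_tokens": tokens, "c2_ip_present": ip_present}


@dataclass
class Alert:
    line: str
    reason: str


# Assumed proxy log layout: "<timestamp> <host> proc=<image> dst=<ip> sni=<tls server name>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<dst>\S+) sni=(?P<sni>\S*)")


def triage_proxy_logs(lines) -> list:
    """Flag connections to the upload server, or Telegram API use by an unexpected process."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed layout
        proc = m["proc"].lower()
        if m["dst"] == C2_IP:
            alerts.append(Alert(line, f"connection to known Gremlin Stealer upload server {C2_IP}"))
        elif m["sni"] == TELEGRAM_API_HOST and proc not in ALLOWED_TELEGRAM_PROCESSES:
            alerts.append(Alert(line, f"{proc} reached {TELEGRAM_API_HOST}: unexpected bot API use"))
    return alerts


# Constructed sample inputs (not real malware data or real logs).
FAKE_TOKEN = "7012345678:AAH" + "a" * 32  # 10-digit id, colon, 35-character secret
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + FAKE_TOKEN.encode("utf-16-le") + b"\x00\x00"
    + ("http://" + C2_IP + "/upload").encode("utf-16-le") + b"\x00\x00"
)
SAMPLE_LOGS = [
    "2025-05-01T10:00:01Z WS-17 proc=chrome.exe dst=203.0.113.20 sni=www.example.com",
    "2025-05-01T10:00:07Z WS-17 proc=Updater.exe dst=203.0.113.10 sni=api.telegram.org",
    "2025-05-01T10:00:09Z WS-17 proc=Updater.exe dst=207.244.199.46 sni=",
    "2025-05-01T10:00:12Z WS-17 proc=telegram.exe dst=203.0.113.10 sni=api.telegram.org",
]

if __name__ == "__main__":
    print(find_embedded_indicators(SAMPLE_BLOB))
    for alert in triage_proxy_logs(SAMPLE_LOGS):
        print(alert.reason, "<-", alert.line)
```

Run against the constructed inputs, the static scan recovers the embedded token despite its UTF-16 encoding and confirms the server address, and the log pass raises two alerts for the unknown Updater.exe process while leaving the browser and Telegram client traffic alone. In practice the token regex will also hit legitimate software that embeds a bot token, so treat it as a triage hint rather than a verdict.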
Researchers are increasingly concerned about the malware's expanding reach, as its use of Telegram gives the attackers a reliable exfiltration channel that blends in with legitimate traffic to a widely used service.
With its capability to steal so many kinds of sensitive information, Gremlin Stealer is a significant threat to both individuals and organisations, and its ongoing development means it is likely to become more dangerous if it is not tackled promptly.
