A new info-stealer, named Lightning Stealer, has been spotted in the wild. This type of malware poses a serious threat as cybercriminals can use it to get initial access to corporate networks.
What are its characteristics?
According to Cyble Research Labs, Lightning Stealer is a .NET-based info-stealer that is capable of targeting over 30 Firefox and Chromium-based browsers.
The data stolen from these browsers include passwords, cookies, and users’ history.
It can also steal Discord tokens, as well as data from crypto wallets, Telegram, and Steam.
The malware also exfiltrates the .txt and .doc files present in the ‘Desktop’ folder on the victim’s system.
Unlike other info-stealers, Lightning Stealer stores all the stolen data in JSON format.
The sensitive user data stored in Chrome-based browsers are present in an encrypted form. The malware estimates and gets the names of all files present in the ‘Browser-name\User Data\” folder. Later, it checks for the ‘Local State’ file that stores the encrypted keys for Chrome to decrypt the login data.
Furthermore, Lightning Stealer only harvests data from crypto wallets associated with GetZcash.
The malware then converts the wallet file’s content into Base 64 and saves them into a list.
Researchers indicate that Lightning Stealer is an emerging info-stealer that is likely to evolve in the future. As information stolen by such malware is sensitive, organizations should follow good security practices to thwart such attacks.