A new info-stealer, named Lightning Stealer, has been spotted in the wild. Malware of this type poses a serious threat because the credentials and session cookies it harvests can be reused to gain initial access to corporate networks.

What are its characteristics?

  • According to Cyble Research Labs, Lightning Stealer is a .NET-based info-stealer capable of targeting over 30 Firefox- and Chromium-based browsers.
  • The data stolen from these browsers includes saved passwords, cookies, and browsing history.
  • It can also steal Discord tokens, as well as data from crypto wallets, Telegram, and Steam.
  • The malware also exfiltrates any .txt and .doc files present in the ‘Desktop’ folder on the victim’s system.
  • Unlike other info-stealers, Lightning Stealer stores all of the stolen data in JSON format.

Other specifications

  • Chromium-based browsers keep saved credentials on disk in encrypted form. The malware enumerates the files under each browser’s ‘User Data\’ folder and then reads the ‘Local State’ file, whose os_crypt.encrypted_key field holds the DPAPI-protected AES key the browser uses to decrypt the ‘Login Data’ database.
  • Lightning Stealer only harvests data from crypto wallets associated with GetZcash.
  • It converts each wallet file’s content to Base64 and appends it to a list.

Conclusion

Researchers indicate that Lightning Stealer is an emerging info-stealer that is likely to evolve. Because the information it steals is sensitive and directly reusable by attackers, organizations should harden endpoints against such attacks and monitor for processes that read browser and messaging credential stores.
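One concrete form the monitoring above can take, as an added example that is not part of the Cyble or Cyware material: a small detector run over constructed file-access telemetry. It flags any process that is not a browser yet reads the artefacts this page lists (Chromium ‘Local State’, ‘Login Data’ and cookies, Firefox logins.json and key4.db, Discord’s LevelDB token store, Telegram’s tdata), and correlates hits per process so a single stealer sweeping several stores stands out from one-off noise. The event shape (pid, image, path) and the sample events are assumptions; the path patterns are the well-known on-disk locations, and the browser allow-list is a starting point rather than a complete one.

```python
import fnmatch

# Processes that legitimately touch their own credential stores (extend for your fleet).
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe",
                  "vivaldi.exe", "firefox.exe", "discord.exe", "telegram.exe"}

# Artefacts an info-stealer of this kind reaches for, as globs over a lower-cased path.
SENSITIVE_PATHS = [
    "*\\user data\\local state",            # Chromium: DPAPI-wrapped AES key
    "*\\user data\\*\\login data",          # Chromium: saved passwords
    "*\\user data\\*\\cookies",             # Chromium: cookies (older layout)
    "*\\user data\\*\\network\\cookies",    # Chromium: cookies (newer layout)
    "*\\firefox\\profiles\\*\\logins.json", # Firefox: saved passwords
    "*\\firefox\\profiles\\*\\key4.db",     # Firefox: key database
    "*\\discord\\local storage\\leveldb\\*.ldb",  # Discord tokens
    "*\\telegram desktop\\tdata\\*",        # Telegram session data
]

# Constructed file-access events (not real logs); stand-in for what an EDR emits.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 7788, "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"},
    {"pid": 7788, "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 7788, "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "path": r"C:\Users\alice\AppData\Roaming\discord\Local Storage\leveldb\000005.ldb"},
    {"pid": 9001, "image": r"C:\Windows\System32\notepad.exe",
     "path": r"C:\Users\alice\Desktop\notes.txt"},
]


def is_sensitive(path: str) -> bool:
    """True if the path matches one of the credential-store patterns."""
    p = path.lower()
    return any(fnmatch.fnmatchcase(p, pat) for pat in SENSITIVE_PATHS)


def flag_events(events) -> dict:
    """Map pid -> set of sensitive paths read by a process that is not an
    allow-listed browser/app. Several distinct stores from one pid is the
    stealer signature; one store from a backup agent is usually benign."""
    hits = {}
    for ev in events:
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        if image in BROWSER_IMAGES or not is_sensitive(ev["path"]):
            continue
        hits.setdefault(ev["pid"], set()).add(ev["path"])
    return hits


if __name__ == "__main__":
    for pid, paths in flag_events(SAMPLE_EVENTS).items():
        print(f"pid {pid} read {len(paths)} credential store(s):")
        for path in sorted(paths):
            print("   ", path)
```

Tune the allow-list to real process paths rather than bare image names before deploying this; a stealer dropped as chrome.exe in %TEMP% would otherwise slip through.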

Cyware Publisher