For clarity this is windows malware, not a browser exploit.
Distributed as c++ payload, persists in Startup by writing itself there with the CopyFileA api, uses powershell to pull browser data from file system… This is windows malware that knows what files to look in for various browsers and then exfiltrates via telegram. I wouldn’t have titled it like this since it make it seem like a browser exploit instead of a ball of c++ and powershell but it’s neat that they cast such a wide net I guess. No mention so far of distribution method, initial exploit, or group attribution that I’ve been able to spot.
threaded - newest
Whew. Good thing I only have 2 of them fuckers installed.
Chrome, Edge, Tor, Brave, Opera, Opera GX, Yandex, Vivaldi, Chromium, Waterfox, Epic, Comodo, Slimjet, Coc Coc, Maxthon, 360 Browser, Falkon, and two lesser-known variants.
this article would be more helpful if they included info on how its spread… a grapic that suggests phishing and melicious website is kinda weak sauce.
For clarity this is windows malware, not a browser exploit.
Distributed as c++ payload, persists in Startup by writing itself there with the CopyFileA api, uses powershell to pull browser data from file system… This is windows malware that knows what files to look in for various browsers and then exfiltrates via telegram. I wouldn’t have titled it like this since it make it seem like a browser exploit instead of a ball of c++ and powershell but it’s neat that they cast such a wide net I guess. No mention so far of distribution method, initial exploit, or group attribution that I’ve been able to spot.
Original report from July: …blogspot.com/…/new-advanced-stealer-shuyal-targe…
Additional info: pointwild.com/…/shuyal-stealer-advanced-infosteal…