#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

Data Stealer | Breaking Cybersecurity News | The Hacker News

Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families

Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families

May 10, 2022
Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information. "After execution, the stealer extracts username, passwords, credit card details, etc.," Cyble researchers  said  in an analysis last week. "The stealer also steals data from various locations across the system and compresses it in a password-protected ZIP file." A 32-bit C# .NET-based executable with the name "saintgang.exe," Saintstealer is equipped with anti-analysis checks, opting to terminate itself if it's running either in a sandboxed or virtual environment. The malware can capture a wide range of information that ranges from taking screenshots to gathering passwords, cookies, and autofill data stored in Chromium-based browsers such as Google Chrome, Opera, Edge, Brave, Vivaldi, and Yandex, among others. It can also steal Discord multi-factor authentication toke
New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer

New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer

Apr 28, 2022
A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. "When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server," Bitdefender  said  in a new report shared with The Hacker News. Most of the infections are located in Brazil and Germany, followed by the U.S., Egypt, Canada, China, and Poland, among others. Exploit kits or exploit packs are comprehensive tools that contain a collection of exploits designed to take advantage of vulnerabilities in commonly-used software by scanning infected systems for different kinds of flaws and deploying additional malware. The primary infection method used by attackers to distribute exploit kits, in this case the
New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers

New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers

Dec 03, 2021
E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. "This novel code injects itself into a host Nginx application and is nearly invisible," Sansec Threat Research team  said  in a new report. "The parasite is used to steal data from eCommerce servers, also known as 'server-side Magecart.'"  A free and open-source software, Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy, and HTTP cache. NginRAT, as the advanced malware is called, works by hijacking a host Nginx application to embed itself into the webserver process. The remote access trojan itself is delivered via  CronRAT , another piece of malware the Dutch cybersecurity firm disclosed last week as hiding its malicious payloads in cron jobs scheduled to execute on February 31st, a non-existent ca
Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers

Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers

Jul 30, 2021
An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. The attacks — dubbed "BazaCall" — eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are sent email messages informing them of a forthcoming subscription charge unless they call a specific phone number. By tricking the recipients into calling the number, the unsuspecting victims are connected with an actual human operator at a fraudulent call center, who then provides them with instructions to download the BazaLoader malware. BazaLoader (aka BazarBackdoor) is a C++-based downloader with the ability to install various types of malicious programs on infected computers, including deploying ransomware and other malware to steal sensitive data from victimized systems. First
More Resources

Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.