NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

January 22, 2024 at 07:18AM

Cybersecurity researchers have uncovered a new Java-based information stealer, NS-STEALER, which uses a Discord bot to extract sensitive data from compromised systems. The malware disguises itself as cracked software within ZIP archives and exfiltrates data to a Discord Bot channel. Separately, the threat actors behind the Chaes malware have released an updated version, featuring improvements to its Chronod module for stealing login credentials and intercepting crypto transactions. The malware is distributed through Portuguese legal-themed email lures.

Key takeaways:

– Researchers have discovered a new Java-based malware named NS-STEALER that uses a Discord bot to exfiltrate sensitive data from compromised hosts.
– The malware is propagated via ZIP archives masquerading as cracked software; the ZIP file contains a rogue Windows shortcut file that deploys a malicious JAR file.
– NS-STEALER steals various data including screenshots, cookies, credentials, system information, and more from over two dozen web browsers, and then exfiltrates it to a Discord Bot channel.
– The threat actors behind the Chaes malware have released an update (version 4.1) with improvements to its Chronod module, responsible for stealing login credentials and intercepting crypto transactions.
– Infection chains distributing the malware leverage legal-themed email lures written in Portuguese to deceive recipients into clicking on links to deploy a malicious installer.
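
For triage of the delivery pattern in the takeaways above (a ZIP archive carrying a Windows shortcut alongside a JAR), the following added example, which is not code from the original article or the researchers, lists shortcut and JAR entries in an archive by content as well as by name. The function names, size limit and sample archive are assumptions made for this illustration, and the "suspicious" flag is a heuristic.

```python
import io
import zipfile

# First 20 bytes of every Shell Link (.lnk) file per MS-SHLLINK:
# HeaderSize 0x0000004C, then LinkCLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
MAX_ENTRY = 50 * 1024 * 1024  # assumed limit: entries declared larger are judged by name only


def is_jar(blob: bytes) -> bool:
    """A JAR is a ZIP that carries META-INF/MANIFEST.MF."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as inner:
            return "META-INF/MANIFEST.MF" in inner.namelist()
    except zipfile.BadZipFile:
        return False


def triage_zip(data: bytes) -> dict:
    """List shortcut and JAR entries in a ZIP, judged by content and by name."""
    out = {"shortcuts": [], "jars": [], "unreadable": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            try:
                blob = zf.read(info) if info.file_size <= MAX_ENTRY else b""
            except (RuntimeError, NotImplementedError):  # encrypted or unsupported entry
                out["unreadable"].append(info.filename)
                blob = b""
            if blob.startswith(LNK_MAGIC) or name.endswith(".lnk"):
                out["shortcuts"].append(info.filename)
            elif is_jar(blob) or name.endswith(".jar"):
                out["jars"].append(info.filename)
    out["suspicious"] = bool(out["shortcuts"])  # heuristic: a shortcut shipped inside an archive
    return out


def build_sample(with_shortcut: bool) -> bytes:
    """Constructed test archive; the 'shortcut' is only a header stub, not a working link."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as j:
        j.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "constructed sample")
        z.writestr("lib/data.bin", jar.getvalue())  # JAR under a misleading name
        if with_shortcut:
            z.writestr("Setup.txt", LNK_MAGIC + b"\x00" * 56)  # shortcut header, wrong extension
    return buf.getvalue()
```

Entries that cannot be read (for example, password-protected ones) are reported under "unreadable" and still matched by extension.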

These are the main points on the browser security and cyber threats reported on Jan 22, 2024.