Researchers in the field of cybersecurity have discovered a new type of malware called Bandit Stealer, which specifically targets web browsers and cryptocurrency wallets. While it has primarily affected Windows systems thus far, there is a possibility that it could expand to other platforms like Linux. The malware is particularly concerning because it can elude detection, including bypassing Windows Defender, a security tool developed by Microsoft. The creators of Bandit Stealer continuously update its features, claiming that it will outperform other similar malware. It is important to note that researchers have not yet identified the individuals or group behind the malware, nor have they determined how the stolen information may be used. However, the stolen data could potentially be used for activities such as identity theft, data breaches, credential stuffing attacks, and account takeovers.
Bandit Stealer is built using the Go programming language, allowing it to run on multiple operating systems and evade detection more effectively. While it markets itself as an advanced information-stealer, it shares similarities with other stealers such as Creal Stealer, Luna Grabber, Kyoku Cookie token stealer, and Pegasus Stealer. It targets various internet browsers and can steal different types of data from victims, including usernames, IP addresses, details about the victim’s computer, and country codes associated with IP addresses. Additionally, it can compromise the security of a victim’s Telegram messaging app, potentially impersonating the compromised user, accessing private messages, and gathering associated data.
Bandit Stealer is persistent, meaning it remains active even after a system shutdown and continues to steal data whenever the infected computer restarts. Victims can unknowingly download the malware by visiting malicious websites or falling for phishing emails. The malware tricks users into opening seemingly harmless files, such as a Word document disguised as a memo expressing concerns about job performance. It can also masquerade as a counterfeit installer for a program called Heartsender, typically used for automated email sending in advertising and marketing.