In a world increasingly dependent on digital transactions and cryptocurrencies, a new form of malware called “Bandit Stealer” has reared its head, threatening web browsers and cryptocurrency wallets. Trend Micro, a leading cybersecurity firm, has raised the alarm over this stealthy, info-stealing malware developed using the Go programming language. This language choice suggests potential cross-platform compatibility, expanding the malware’s potential reach in the future.
A calculated malware approach
Bandit Stealer’s sophisticated programming allows it to function undetected on Windows systems by manipulating a legitimate Windows command-line utility program, “runas.exe.,” according to Trend Micro’s report. This maneuver enables Bandit Stealer to execute itself with administrative access, bypassing built-in security measures. However, Microsoft’s stringent access control mitigations have successfully thwarted unauthorized execution thus far, requiring proper credentials for administrator-level operations.
The malware operates with guile and precision. Bandit Stealer initiates a series of checks to ascertain whether it’s operating within a sandbox or testing environment. To cover its tracks and establish a persistent presence, it terminates processes associated with anti-malware solutions and modifies the Windows Registry. This groundwork allows it to launch a sweeping data collection spree, hoarding a wide array of information that ranges from personal and financial data stored in web browsers to crypto wallet details.
The expanding underground info-stealer market
Bandit Stealer’s propagation typically begins with phishing emails. These malicious emails contain a dropper file that opens a seemingly harmless Microsoft Word attachment, distracting while the malware quietly infects the system in the background. Alarmingly, it has also been distributed through fake installers, tricking users into unwittingly launching the malware.
This stealthy malware enters an evolving cybersecurity landscape where info-stealer marketplaces are booming. An explosive 670% increase in stolen logs available on underground forums was reported between June 2021 and May 2023. Cybersecurity experts suggest that Bandit Stealer’s emergence underscores the continuing evolution of stealer malware, propelled by the malware-as-a-service (MaaS) market.
“An entire underground economy and supporting infrastructure have developed around info-stealers, making it possible but potentially lucrative for relatively low-skilled threat actors to get involved,” warns Don Smith, vice president of Secureworks CTU.
The cryptocurrency space is on high alert as Bandit Stealer threatens digital security. The broad-reaching implications of the data these stealers collect — from identity theft, financial gain, and data breaches to credential stuffing attacks and account takeovers — reaffirm the necessity for enhanced cybersecurity measures in a digital age.
