Bandit Stealer: The new malware menace in the cryptocurrency space


  • Bandit Stealer is new malware targeting web browsers and crypto wallets.
  • It spreads via phishing emails and fake installers, collecting personal and financial data.
  • The rise of such malware underlines a thriving underground info-stealer market, raising cybersecurity concerns.

In a world increasingly dependent on digital transactions and cryptocurrencies, a new form of malware called “Bandit Stealer” has reared its head, threatening web browsers and cryptocurrency wallets. Trend Micro, a leading cybersecurity firm, has raised the alarm over this stealthy, info-stealing malware developed using the Go programming language. This language choice suggests potential cross-platform compatibility, expanding the malware’s potential reach in the future.

A calculated malware approach

Bandit Stealer’s sophisticated programming allows it to function undetected on Windows systems by manipulating a legitimate Windows command-line utility program, “runas.exe.,” according to Trend Micro’s report. This maneuver enables Bandit Stealer to execute itself with administrative access, bypassing built-in security measures. However, Microsoft’s stringent access control mitigations have successfully thwarted unauthorized execution thus far, requiring proper credentials for administrator-level operations.

The malware operates with guile and precision. Bandit Stealer initiates a series of checks to ascertain whether it’s operating within a sandbox or testing environment. To cover its tracks and establish a persistent presence, it terminates processes associated with anti-malware solutions and modifies the Windows Registry. This groundwork allows it to launch a sweeping data collection spree, hoarding a wide array of information that ranges from personal and financial data stored in web browsers to crypto wallet details.

The expanding underground info-stealer market

Bandit Stealer’s propagation typically begins with phishing emails. These malicious emails contain a dropper file that opens a seemingly harmless Microsoft Word attachment, distracting while the malware quietly infects the system in the background. Alarmingly, it has also been distributed through fake installers, tricking users into unwittingly launching the malware.

This stealthy malware enters an evolving cybersecurity landscape where info-stealer marketplaces are booming. An explosive 670% increase in stolen logs available on underground forums was reported between June 2021 and May 2023. Cybersecurity experts suggest that Bandit Stealer’s emergence underscores the continuing evolution of stealer malware, propelled by the malware-as-a-service (MaaS) market.

“An entire underground economy and supporting infrastructure have developed around info-stealers, making it possible but potentially lucrative for relatively low-skilled threat actors to get involved,” warns Don Smith, vice president of Secureworks CTU.

The cryptocurrency space is on high alert as Bandit Stealer threatens digital security. The broad-reaching implications of the data these stealers collect — from identity theft, financial gain, and data breaches to credential stuffing attacks and account takeovers — reaffirm the necessity for enhanced cybersecurity measures in a digital age.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Share link:

Damilola Lawrence

Damilola is a crypto enthusiast, content writer, and journalist. When he is not writing, he spends most of his time reading and keeping tabs on exciting projects in the blockchain space. He also studies the ramifications of Web3 and blockchain development to have a stake in the future economy.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Axie Infinity
Subscribe to CryptoPolitan