Braodo Info Stealer Targeting Vietnam and Abroad

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, the Netherlands, Singapore, and the UK. This malware uses GitHub and a Singapore-based VPS server to host and distribute its malicious code. It exfiltrates internet browser data, including credentials from various platforms and accounts, via Telegram bots. Developed by threat actors based in Vietnam, Braodo Stealer operates stealthily, collecting and archiving data before sending it to the bots.

Author: AlienVault

Related Tags: Braodo Stealer, T1606.001, exfiltration, Netherlands, T1064, Obfuscation, T1547.001, Czechia, Singapore

Associated Indicators: