Proofpoint researchers have observed an increase in cybercriminals using Stealerium-based malware, an open-source infostealer available on GitHub. Multiple stealers share code with Stealerium, including Phantom Stealer. Campaigns delivering Stealerium have used various lures and file types, targeting industries such as hospitality, education, and finance. The malware can exfiltrate a wide range of data, including browser credentials, credit card information, and cryptocurrency wallet data. It uses anti-analysis techniques and can exfiltrate data through multiple channels, including SMTP, Discord, and Telegram. The rise in Stealerium usage reflects the growing trend of threat actors pivoting to information stealers as identity theft becomes a priority.

Author: AlienVault
Related Tags:
Phantom Stealer
Stealerium
Snake Keylogger
T1102.002
anti-analysis
data exfiltration
T1567.002
cybercrime
T1056.001
Associated Indicators:
E590552EEA3AD225CFB6A33FD9A71F12F1861C8332A6F3A8E2050FFFCE93F45E
B640251F82684D3B454A29E962C0762A38D8AC91574AE4866FE2736F9DDD676E
50927B350C108E730DC4098BBDA4D9D8E7C7833F43AB9704F819E631B1D981E3
D4A33BE36CD0905651CE69586542AE9BB5763FEDDC9D1AF98E90FF86A6914C0E
A00FDA931AB1A591A73D1A24C1B270AEE0F31D6E415DFA9AE2D0F126326DF4BB
E9FDC0060A78608B6768675F6473321F07350EE3
928623D974B49D989C30B968D8925172F18BED7B
86E5E63B28B53133E59E17CECC27B011
C742F9B4F1AD3336673662D7213A56CA