
Windows-based Computers Targeted by Bandit Stealer Attacks

Aug 9, 2023
Marcel Bich

According to Trend Micro cybersecurity specialists, Bandit Stealer is a new virus that runs covertly and is able to steal data from browsers and digital currency wallets. Bandit Stealer is written in the Go programming language and is built to run on several platforms.

Exploiting “runas.exe” and Employing Concealment Techniques

At the moment, Bandit Stealer is focusing on Windows-based computers by leveraging the genuine command-line tool “runas.exe.” The attackers use this tool to circumvent security barriers and obtain administrative access so that they can harvest large volumes of data.

As Trend Micro’s analysis explains, “runas.exe” lets users launch applications with administrative or other user permissions, providing a controlled way to run critical programs or system operations. It is especially useful when a user’s current account lacks the privileges needed to run particular commands or applications.

Bandit Stealer employs various techniques to conceal its presence and ensure persistence on infected computers. It checks whether it is running in a sandbox or virtual environment and runs a series of system processes. In addition, the malware modifies the Windows registry to maintain its foothold.
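The two behaviours described above, a launch of “runas.exe” from an unexpected parent process and a write to a registry autostart (Run) key, are both visible in ordinary endpoint telemetry. The following triage script is an added example for this article, not code from Trend Micro or from the malware analysis; it runs over a handful of constructed Sysmon-style events (process creation and registry value set) and flags the two patterns. The event shapes, the sample paths and the list of “expected” runas parents are assumptions chosen for illustration.

```python
"""Triage constructed Sysmon-style events for two behaviours discussed in the
article: runas.exe launched from an unexpected parent, and writes to Run-key
autostart entries. All events below are constructed, not real telemetry."""
import re
from dataclasses import dataclass

# Matches ...\Software\Microsoft\Windows\CurrentVersion\Run\<value> and RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)

# Assumed baseline: parents from which an interactive user normally starts runas.exe.
EXPECTED_RUNAS_PARENTS = {"cmd.exe", "powershell.exe", "explorer.exe"}


@dataclass
class Event:
    event_id: int            # Sysmon: 1 = process create, 13 = registry value set
    image: str               # full path of the acting process
    parent_image: str = ""   # parent process (event 1 only)
    command_line: str = ""   # command line (event 1 only)
    target_object: str = ""  # registry path written (event 13 only)


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return (rule, subject, detail) tuples for events matching either rule."""
    findings = []
    for e in events:
        if e.event_id == 1 and basename(e.image) == "runas.exe":
            parent = basename(e.parent_image)
            if parent not in EXPECTED_RUNAS_PARENTS:
                findings.append(("runas_unexpected_parent", parent, e.command_line))
        elif e.event_id == 13 and RUN_KEY_RE.search(e.target_object):
            findings.append(("run_key_persistence", basename(e.image), e.target_object))
    return findings


# Constructed sample events: one benign and one suspicious case per rule.
SAMPLE_EVENTS = [
    Event(1, r"C:\Windows\System32\runas.exe", r"C:\Windows\System32\cmd.exe",
          r'runas.exe /user:Administrator "C:\Program Files\Tool\tool.exe"'),
    Event(1, r"C:\Windows\System32\runas.exe", r"C:\Users\alice\Downloads\invoice_reader.exe",
          r'runas.exe /user:Administrator "C:\Users\alice\AppData\Local\Temp\upd.exe"'),
    Event(13, r"C:\Users\alice\Downloads\invoice_reader.exe",
          target_object=r"HKU\S-1-5-21-1234\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event(13, r"C:\Windows\explorer.exe",
          target_object=r"HKU\S-1-5-21-1234\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"),
]


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_EVENTS):
        print(f"{rule}: {subject} -> {detail}")
```

Run as-is, the script reports the runas.exe launch whose parent is the downloaded executable and the Run-key value written by that same executable, while the interactive runas.exe use from cmd.exe and the unrelated Explorer setting are left alone. The parent baseline is the part to tune per environment; pairing the two findings by process image, as happens here, is what turns two weak signals into a stronger one.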

Bandit Stealer’s harmful actions include stealing personal and financial information from browsers and bitcoin wallets. The virus spreads via phishing emails carrying a downloader that opens a seemingly harmless Microsoft Word document as a decoy while the infection proceeds covertly in the background.

The data stolen by malware like Bandit Stealer can be exploited by threat actors in multiple ways: identity theft, financial gain, data breaches, credential matching attacks, or account hijacking. The stolen information can also be sold to other malicious actors and serve as a foundation for subsequent attacks, ranging from targeted campaigns to extortion or ransomware attacks.