Ailurophile: G DATA has sighted a new info stealer in the wild

Aug. 19, 2024, 1:59 p.m.

Description

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers use a web panel to generate customized malware variants, specifying features such as the malware name, icon, Telegram notification channel, and optional payload delivery. The stealer targets popular browsers and can pilfer autofill data, cookies, passwords, browsing history, credit card details, and cryptocurrency wallet information. It employs commercial virtualization software for execution and steals specific file types containing keywords suggestive of sensitive data. The malware is split into separate components for process termination, data collection, and optional payload delivery, the last of which can disable Windows Defender.

Date

Published: Aug. 19, 2024, 1:39 p.m.
Created: Aug. 19, 2024, 1:39 p.m.
Modified: Aug. 19, 2024, 1:59 p.m.

Indicators (SHA-256 file hashes)

e04dbe0de745fc8026710034af6a00fc8dc38569440ce8ebebe74cd4dc0a6dc5
4d38d7c7161ccb08998f90079a565f32a296f1bf404001b9e6bbc4d4558d53fd

Attack Patterns (MITRE ATT&CK techniques)

Ailurophile Stealer

T1600 Weaken Encryption
T1548 Abuse Elevation Control Mechanism
T1552 Unsecured Credentials
T1114 Email Collection
T1555 Credentials from Password Stores
T1554 Compromise Host Software Binary
T1564 Hide Artifacts
T1083 File and Directory Discovery
T1056 Input Capture
T1003 OS Credential Dumping