Distribution of Infostealer Made With Electron
May 1, 2024, 11:09 p.m.
Description
AhnLab Security Intelligence Center (ASEC) has discovered an Infostealer malware strain developed using the Electron framework, which allows the creation of applications using JavaScript, HTML, and CSS. The malware is distributed in the Nullsoft Scriptable Install System (NSIS) installer format. Once executed, it installs an Electron application that interacts with the operating system via Node.js, which is where the malicious behaviors are defined. The report describes two cases: one involves collecting user information, and the other uploads the collected data to a file-sharing service. The malware strains are difficult to detect due to their Electron structure.
Date
Published: April 30, 2024, 2:52 p.m.
Created: April 30, 2024, 2:52 p.m.
Modified: May 1, 2024, 11:09 p.m.
Indicators
21e871b4b19be6a25d9674194bd0411a4374ca8693bd7f6af9ba1c34f57d18ab
Attack Patterns
T1088
T1213
T1005
T1083
T1056