Distribution of Infostealer Made With Electron
May 1, 2024, 11:09 p.m.
Description
AhnLab Security Intelligence Center (ASEC) has discovered an Infostealer malware strain developed with the Electron framework, which allows applications to be built using JavaScript, HTML, and CSS. The malware is distributed as a Nullsoft Scriptable Install System (NSIS) installer. Once executed, it installs an Electron application that interacts with the operating system via Node.js, which is where the malicious behaviors are defined. The report describes two cases: one involving the collection of user information and the other uploading collected data to a file-sharing service. The malware strains are difficult to detect because of their Electron structure.
Date
- Created: April 30, 2024, 2:52 p.m.
- Published: April 30, 2024, 2:52 p.m.
- Modified: May 1, 2024, 11:09 p.m.
Indicators
- 21e871b4b19be6a25d9674194bd0411a4374ca8693bd7f6af9ba1c34f57d18ab
Attack Patterns
- T1088
- T1213
- T1005
- T1083
- T1056