VILSA STEALER

Oct. 7, 2024, 9:03 a.m.

Description

A new malware family called Vilsa Stealer has emerged on GitHub, notable for the speed and efficiency with which it extracts sensitive data. Written in Python, this tool targets browser credentials, tokens, and data from various applications, with support for the major browsers and over 40 crypto wallets. The malware employs encryption to mask its runtime behavior and includes features for persistence, anti-analysis, and anti-VM detection. It uses the GoFile API for data exfiltration and bundles additional malware, such as hvnc.py, for remote access. The threat actor uploads stolen data to a remote server through a specific URL that resembles the one used by the 1312 Stealer. The malware's capabilities also include bypassing UAC, adding exclusions to Windows Defender, and stealing a wide range of sensitive information.

Date

Published: Oct. 7, 2024, 8:48 a.m.

Created: Oct. 7, 2024, 8:48 a.m.

Modified: Oct. 7, 2024, 9:03 a.m.

Indicators

f5c5845e5531ed7a9f39fd665fb712baa557799b4a6bd9e92c7ef76d43eb5064

83.136.208.208

Attack Patterns

hvnc.py

Vilsa Stealer

T1202

T1574.002

T1497.001

T1518.001

T1070.006

T1573

T1486

T1129

T1082

T1057

T1083

T1071

T1036

T1140

T1560

T1041

T1059