YUNIT STEALER
Oct. 7, 2024, 1:03 p.m.
Tags
External References
Description
Yunit Stealer is a sophisticated malware targeting sensitive user data through credential theft and system manipulation. It employs advanced evasion techniques to bypass security measures, maintaining persistence on compromised systems. The malware performs comprehensive data extraction, including system information, browser data, and cryptocurrency wallets. It achieves persistence through registry modifications, scheduled tasks, and Windows Defender exclusions. Data exfiltration occurs via Telegram and Discord webhooks. The developer is likely a French speaker with ties to gaming platforms. The malware incorporates system checks, file management, and extraction of sensitive data like credentials and cookies. It uses obfuscation and geofencing capabilities to avoid detection and selectively operate based on geographic location.
Date
Published: Oct. 7, 2024, 10:46 a.m.
Created: Oct. 7, 2024, 10:46 a.m.
Modified: Oct. 7, 2024, 1:03 p.m.
Attack Patterns
Yunit Stealer
T1053.005
T1564.003
T1059.001
T1547.001
T1005
T1082
T1112
T1041
Additional Information
France