Ailurophile: G DATA has sighted a new info stealer in the wild
Essential information
- Published
- 19/08/2024 13:39
- Modified
- 19/08/2024 13:59
- Tags
- 2024-08-19 ailurophile stealer credential-theft cryptocurrency theft exfiltration infostealer stealer
- Related entities
- 2 observables, 10 techniques (mitre), 1 malware
Description
G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon, Telegram notification channel, and optional payload delivery. The stealer targets popular browsers and can pilfer autofill data, cookies, passwords, browsing history, credit card details, and cryptocurrency wallet information. It employs commercial virtualization software for execution and steals specific file types containing keywords suggestive of sensitive data. The malware has different components for various functionalities like process termination, data collection, and optional payload delivery with Windows Defender disabling capability.