Katz Stealer Threat Analysis
Essential information
- Published
- 26/05/2025 23:17
- Modified
- 27/05/2025 07:50
- Tags
- 2025-05-26 browser-targeting credential-stealer cryptocurrency discord-hijacking evasion techniques katz stealer process-hollowing uac bypass
- Related entities
- 34 observables, 17 techniques (mitre), 1 malware
Description
Katz Stealer is a sophisticated credential-stealing malware-as-a-service that targets multiple browsers, cryptocurrency wallets, and communication platforms. It employs advanced evasion techniques like geofencing, VM detection, and process hollowing. The infection chain involves obfuscated JavaScript, PowerShell scripts, and .NET payloads. Key features include browser credential theft, crypto wallet exfiltration, and Discord process hijacking. The malware also gathers system information, captures screenshots, and monitors clipboards. Detection opportunities include network traffic analysis, file system monitoring, and process behavior analysis. The analysis provides YARA and Sigma rules for detection, along with a comprehensive list of IOCs.