A new infostealer malware called Lightning Stealer has been discovered by cybersecurity researchers circulating in the wild. Based on reports, this latest addition to the threat landscape poses a significant threat as threat actors can utilise it to acquire initial access to targeted corporate networks.
According to the research team who identified the malware, the Lightning Stealer is a .NET-based information stealer capable of targeting more than 30 Chromium-based browsers and Firefox.
The infostealer can also collect essential data from the targeted browsers, including passwords, user history, and cookies. It can also steal other valuable online assets such as Discord tokens and data from crypto wallets, Telegram, and Steam. It could exfiltrate the .doc and .text files inside the 'Desktop' folder on a victim's system.
The Lightning Stealer is not the standard type of infostealer that will steal information from targeted devices.
What sets the Lightning Stealer apart from usual info stealers is that it can store its stolen data in a JSON format.
The sensitive user data that the threat actors target in Chromium-based browsers is stored in encrypted form. The malware also identifies and collects the names of all files in the folder 'Browser-name\User Data\'.
However, the Lightning Stealer malware exclusively gathers data from a specific crypto wallet connected to GetZcash. The malware then encodes the wallet file's content in Base64 and stores it in a list.
Researchers noted that the Lightning Stealer is an up-and-coming info stealer malware that will upgrade itself and evolve in the following months. Therefore, organisations should follow exceptional security hygiene to discourage such attacks, as the information stolen in these campaigns is highly sensitive.
The ever-growing cryptocurrency landscape has gotten the attention of numerous threat actors. It has encouraged malicious entities to develop new methods and tricks to gather significant items for monetary gains, cyber espionage campaigns, or future use.
Furthermore, since most users are currently using non-cash payments for everyday transactions, experts expect many malware strains such as Lightning Stealer to appear.