A new information-stealing malware has been discovered that is capable of exfiltrating a large amount of sensitive information while also disabling antivirus products to create persistence on target endpoints.
CYFIRMA cybersecurity researchers have published a detailed investigation of the infostealer known as Yunit Stealer. Yunit Stealer employs JavaScript to include system utility and cryptography modules, enabling it to do activities such as system information retrieval, command execution, and HTTP queries. It persists on the target device by altering the registry, adding jobs via batch and VBScript, and, finally, by setting exclusions in Windows Defender.
When it comes to infostealing, Yunit is just as effective as any other malware. It can steal system information, browser data (passwords, cookies, autofill information, etc.), and bitcoin wallet information. In addition to passwords, it can keep credit card information that is kept in the browser.
Once the malware has gathered all of the data it deems useful, it will attempt to exfiltrate it via Discord webhooks or into a Telegram channel. It will also upload it to a remote site and provide
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: