Oski Stealer Targets Browser Data, Crypto Wallets in U.S.
The fairly new malware, which has been dubbed Oski Stealer, is being advertised on underground cyber-forums, including several Russian forums, security researcher Aditya K Sood explained in a report shared with SecurityWeek.
Oski Stealer is being distributed via drive-by downloads, phishing attacks, and other standard infection methods, and acts as a native piece of software that can be installed on various systems.
Once it has infected a machine, the stealer attempts to retrieve sensitive information from both Chromium- and Firefox-based browsers, as well as from FileZilla and cryptocurrency wallets.
The malware is designed to extract credentials from the registry and from the browser SQLite database, and to capture them through man-in-the-browser attacks that hook the browser processes using DLL injection. It is also designed to extract stored session cookies, including wallets.
"Our research revealed that Oski stealer is in early stages but it is a very effective stealer. Oski stealer has been deployed successfully in the wild and is already extracting sensitive data such as credentials from the browsers. The deployment that we analyzed was targeting specifically the North America region," Sood notes.