
SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations
2023-08-31 14:15

A .NET-based information stealer malware dubbed SapphireStealer is being used by multiple entities to enhance its capabilities and spawn their own bespoke variants.

"Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate credentials, which are often resold to other threat actors who leverage the access for additional attacks, including operations related to espionage or ransomware/extortion," Cisco Talos researcher Edmund Brumaghin said in a report shared with The Hacker News.

An entire ecosystem has developed over time that allows both financially motivated and nation-state actors to use services from purveyors of stealer malware to carry out various kinds of attacks.

SapphireStealer is a lot like other stealer malware that has increasingly cropped up on the dark web, equipped with features to gather host information, browser data, files, and screenshots, and to exfiltrate the data in the form of a ZIP file via Simple Mail Transfer Protocol (SMTP).

The malware author has also made public a .NET malware downloader, codenamed FUD-Loader, which makes it possible to retrieve additional binary payloads from attacker-controlled distribution servers.

The disclosure comes a little over a week after Zscaler shared details of another stealer malware called Agniane Stealer that's capable of plundering credentials, system information, session details from browsers, Telegram, Discord, and file transfer tools, as well as data from over 70 cryptocurrency extensions and 10 wallets.


News URL

https://thehackernews.com/2023/08/sapphirestealer-malware-gateway-to.html