Cybersecurity researchers have identified a sophisticated Java-based information-stealing malware known as NS-STEALER, which utilizes a Discord bot for exfiltrating sensitive data from compromised systems. The malware is disseminated through ZIP archives disguised as cracked software, containing a rogue Windows shortcut that deploys a malicious JAR file. Once activated, NS-STEALER creates a folder to store pilfered information, including screenshots, cookies, credentials, system details, and more. The captured data is then sent to a Discord Bot channel for exfiltration, showcasing the malware’s advanced capabilities, such as using X509Certificate for authentication, facilitating rapid theft of information from targeted systems.
The NS-STEALER’s infection chain involves legal-themed email lures in Portuguese, enticing recipients to click on malicious links that deploy a malicious installer to activate the malware. Concurrently, the developers of the Chaes (Chae$) malware released an update (version 4.1) with improvements to its Chronod module, focusing on stealing login credentials and intercepting crypto transactions. In an unusual twist, the developers included messages within the source code expressing gratitude to security researcher Arnold Osipov for helping them enhance their “software.” These developments highlight the evolving tactics of threat actors, blending advanced techniques with social engineering to deceive users and security researchers alike.
The NS-STEALER’s reliance on Discord as an EventListener for data exfiltration is noted for its cost-effectiveness. This discovery underscores the ongoing cat-and-mouse game between cybersecurity researchers and threat actors, with the latter continually refining their tactics. As malicious actors leverage more advanced methods, security experts face the challenge of staying ahead to protect systems from evolving threats. The NS-STEALER represents a concerning development in the landscape of information-stealing malware, showcasing its adaptability and sophistication in exploiting vulnerabilities.
