The cybersecurity landscape faces a fresh challenge with the Zscaler ThreatLabz team's discovery of Agniane Stealer, a recently identified information stealer family. Unlike conventional cyberattacks, Agniane Stealer specializes in pilfering sensitive data such as credentials, session details, and system information from various sources, including browsers, tokens, and file transfer tools.
Of notable concern is its affinity for cryptocurrency extensions and wallets, exacerbating the potential scope of compromised information. The stolen data is channeled to command-and-control servers, enabling threat actors to exploit the pilfered data for malicious purposes.
The discovery links Agniane Stealer to the Malware-as-a-Service (MaaS) platform Cinoshi Project, underscoring the increasingly intricate web of cyber threats. Cinoshi Project, previously identified in early 2023, shares several code structures with Agniane Stealer, suggesting a close relationship between the two.
This connection has facilitated the availability of Agniane Stealer for sale on various dark web forums. The threat actors responsible for Agniane Stealer employ packers to maintain and regularly update the malware’s functionality and evasion mechanisms.
A technical examination of Agniane Stealer reveals a wide range of features and capabilities. Beyond stealing stored credentials from a range of sources, including web browsers, Telegram, Discord, Steam, WinSCP, and FileZilla, the malware also captures screenshots of users’ desktops and swiftly gathers system information.
The malware exhibits a particular appetite for cryptocurrency-related data, supporting an extensive array of crypto extensions and wallets. To evade detection, Agniane Stealer employs numerous anti-analysis tactics to outmaneuver analysis tools like malware sandboxes and emulators.