Wavestealer | |
Type of Malware | Infostealer |
Country of Origin | France |
Date of initial activity | 2024 |
Associated Groups | Wave |
Motivation | Steals sensitive data from compromised systems. It targets web browsers, cryptocurrency wallets, credit card numbers, as well as data associated with messaging platforms like Telegram and Discord. |
Type of information Stolen | Financial Information, Browser Data, Cryptocurrencies, Communication Data |
Attack Vectors | Smishing. It's being actively distributed through popular messaging platforms Telegram and Discord. |
Targeted System | Windows, Android (iOS)? |
Overview
WaveStealer, a newly emerged sophisticated malware tool, is being distributed on platforms like Telegram and Discord for purchase at a low cost. This malware masquerades as video game installers and is designed to extract various types of sensitive data from compromised systems. It targets web browsers, cryptocurrency wallets, credit card numbers, and data associated with messaging platforms like Telegram and Discord. Additionally, WaveStealer can capture screenshots, enhancing its data exfiltration capabilities. This feature allows it to record sensitive information that may not be captured through keystrokes or traditional data theft methods. WaveStealer is offered as Malware-as-a-Service by a French-speaking actor called “Wave.” The threat actor has strong relationships with the groups behind Nova Stealer and Epsilon Stealer. Its capabilities include stealing passwords and crypto-wallets, injecting into Discord and Telegram, and finding backup codes. WaveStealer is relatively low-cost to purchase on the dark web, making it accessible to a wide range of cybercriminals, not just the highly skilled ones.Targets
Unsuspecting users of Telegram and Discord in Brazil.
