WaveStealer | |
Type of Malware | Infostealer |
Country of Origin | France |
Date of initial activity | 2024 |
Associated Groups | Wave |
Motivation | Steals sensitive data from compromised systems. It targets web browsers, cryptocurrency wallets, credit card numbers, as well as data associated with messaging platforms like Telegram and Discord. |
Type of information Stolen | Financial Information, Browser Data, Cryptocurrencies, Communication Data |
Attack Vectors | Smishing. It's being actively distributed through popular messaging platforms Telegram and Discord. |
Targeted System | Windows, Android (iOS)? |
Overview
WaveStealer, a newly emerged and sophisticated malware tool, is offered for purchase at low cost on platforms like Telegram and Discord. The malware masquerades as video game installers and is designed to extract various types of sensitive data from compromised systems.
It targets web browsers, cryptocurrency wallets, credit card numbers, and data associated with messaging platforms like Telegram and Discord.
Additionally, WaveStealer can capture screenshots, enhancing its data exfiltration capabilities. This feature allows it to record sensitive information that may not be captured through keystrokes or traditional data theft methods.
WaveStealer is offered as Malware-as-a-Service by a French-speaking actor called “Wave.” The threat actor has strong relationships with the groups behind Nova Stealer and Epsilon Stealer. Its capabilities include stealing passwords and crypto-wallets, injecting into Discord and Telegram, and finding backup codes.
WaveStealer is relatively low-cost to purchase on the dark web, making it accessible to a wide range of cybercriminals, not just the highly skilled ones.
Targets
Unsuspecting users of Telegram and Discord in Brazil.
How they operate
WaveStealer is being actively distributed through popular messaging platforms Telegram and Discord.
It’s designed to infiltrate computer systems silently and remains undetected by most conventional antivirus programs.
Once installed, it monitors keystrokes and data entry on web forms, capturing everything from website logins to financial information entered during online transactions.
The malware then transmits this stolen data to remote servers controlled by cybercriminals.
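Added detection example (not part of the original profile and not WaveStealer code): because the profile describes one process collecting browser, wallet, Discord and Telegram data together, a defender can correlate file-access telemetry and alert when a single non-owner process touches several of those stores. The paths, owner executable names, event fields and the `GameSetup.exe` sample are assumptions constructed for illustration, not indicators from this page.

```python
import re
from collections import defaultdict

# Assumed default Windows locations for the data categories the profile names.
SENSITIVE = {
    "browser": re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*\\(Login Data|Web Data|Cookies)$", re.I),
    "discord": re.compile(r"\\discord\\Local Storage\\leveldb\\", re.I),
    "telegram": re.compile(r"\\Telegram Desktop\\tdata\\", re.I),
    "wallet": re.compile(r"\\AppData\\Roaming\\Exodus\\", re.I),
}
# Executables expected to open each store. Assumption: basename match only;
# production rules should also check the full path and code signature.
OWNERS = {
    "browser": {"chrome.exe", "msedge.exe"},
    "discord": {"discord.exe"},
    "telegram": {"telegram.exe"},
    "wallet": {"exodus.exe"},
}

def classify(target):
    """Return the sensitive-data category a file path belongs to, or None."""
    for category, pattern in SENSITIVE.items():
        if pattern.search(target):
            return category
    return None

def flag_stealer_like(events, min_categories=2):
    """Map each non-owner process image to the categories it touched,
    keeping only images that reached at least min_categories of them."""
    touched = defaultdict(set)
    for ev in events:
        category = classify(ev["target"])
        exe = ev["image"].rsplit("\\", 1)[-1].lower()
        if category and exe not in OWNERS[category]:
            touched[ev["image"]].add(category)
    return {img: sorted(c) for img, c in touched.items() if len(c) >= min_categories}

# Constructed sample events (not real telemetry).
U = r"C:\Users\ana\AppData"
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "target": U + r"\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": U + r"\Local\Discord\app-1.0\Discord.exe", "target": U + r"\Roaming\discord\Local Storage\leveldb\000005.ldb"},
    {"image": r"C:\Users\ana\Downloads\GameSetup.exe", "target": U + r"\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Users\ana\Downloads\GameSetup.exe", "target": U + r"\Roaming\discord\Local Storage\leveldb\000005.ldb"},
    {"image": r"C:\Users\ana\Downloads\GameSetup.exe", "target": U + r"\Roaming\Telegram Desktop\tdata\key_datas"},
    {"image": r"C:\Tools\backup.exe", "target": U + r"\Local\Google\Chrome\User Data\Default\Network\Cookies"},
]

if __name__ == "__main__":
    for image, cats in flag_stealer_like(SAMPLE_EVENTS).items():
        print(f"ALERT {image} read {', '.join(cats)} data")
```

Requiring two or more categories keeps single-purpose tools such as the constructed `backup.exe` below the alert threshold while still catching the cross-application collection pattern.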