
AB Stealer

Posted: December 21, 2017

The AB Stealer is a spyware program that collects data from an infected PC and uploads it to a cybercrook's server. Attacks of this nature may show few symptoms but can compromise passwords, usernames, keyboard input, clipboard contents, or Web-browsing history. Malware researchers suggest having anti-malware programs block or remove the AB Stealer immediately, if possible, and taking appropriate precautions for re-securing any affected accounts.

Your Passwords on Demand for Other People

Although versions of the AB Stealer are identifiable going back to the previous year, some threat actors apparently are unsatisfied with the state of its C&C controls. Recent updates to this Trojan's admin features and UI could mean that new cybercrooks are planning to launch data-collecting campaigns with the AB Stealer, or to rent the package's features out to others. Whichever possibility is real, an AB Stealer infection directly subverts the privacy of any PC it compromises.

As the name indicates, the AB Stealer is data-collecting spyware. It specializes in compromising passwords, which may include network logins, Web accounts for companies like Amazon or Bank of America, logins for gaming clients like Steam, and e-mail addresses. The threat actor can generate a custom variant of the AB Stealer with its builder tool and then control that variant's activities through a network-connected Command & Control panel.

As a guideline, malware analysts recommend taking into account the following possible attacks from an AB Stealer infection:

  • Keylogging features may record your keyboard's input passively, including copy-pasted data, to a log that the AB Stealer uploads to a cybercrook's server.
  • Web session-monitoring functions can identify when the user is trying to connect to a specific website, such as a bank's domain, and insert unsafe content (such as a redirect to a phishing portal that looks identical to the first site).
  • This threat also may search for and collect the contents of any password caches automatically, such as 'remembered' logins from popular Web browsers like Chrome or Firefox.
  • The AB Stealer may take screenshots to capture visual, non-typed data periodically; colloquially, this feature is 'screen-grabbing.'

Keeping Your Information Private against the Start of the Alphabet

Since none of the AB Stealer's features produce visible user-interface symptoms, victims shouldn't try to detect or identify AB Stealer infections manually. Different groups of threat actors also may be running several AB Stealer campaigns concurrently, which makes the potential infection vectors harder than usual to confirm. Spyware of this kind can be installed via exploit kits (EKs) like the Rig Exploit Kit, Trojan droppers and downloaders like Zlob, and spam e-mails.

The general security practices that malware experts recommend include disabling advertisements and scripts in your browser, upholding secure password standards, and always scanning new downloads with a general-purpose anti-malware program. Users shouldn't expect to spot an AB Stealer infection by any independently recognizable program files or memory processes, since spyware traditionally avoids leaving such traces. However, anti-malware products include automatic protection against threats of this type and should delete the AB Stealer before it completes any of its information-collecting functions.

Unlike a physical tool, the AB Stealer is a general-purpose program that its operators can use only for harmful ends. A payload like the AB Stealer's 'one click' password theft is a danger that requires users to take at least as many precautions before an infection as they do for cleaning up afterward.
