
August Stealer

Posted: May 17, 2018

The August Stealer is an information collector that targets more than just the login credentials saved in the user's Web browser. The people behind this threat seem to be very experienced in the hacking field, since they have managed to implement modules that allow the August Stealer to perform the following operations:

  • Identify and extract cryptocurrency wallets (including the 'wallet.dat' file) from the victim's computer.
  • Search for files with specific extensions and upload a copy of them to the attacker's control server.
  • Collect saved credentials for popular FTP and messenger software (SmartFTP, FileZilla, Pidgin, LiveMessenger, Skype, etc.).
  • Evade security researchers by looking out for common security tools and halting its attack if any are detected.

While the core feature of the August Stealer is collecting cookies and logins from popular Web browsers, its admins clearly intend to go after other valuable information as well. In addition to this sophisticated piece of malware, they have also come up with a harmful distribution method: fraudulent e-mail messages that target specific online businesses. The messages usually carry a title describing a problem with a chargeback, a purchased product, or another issue common to online shopping. This is likely to get the victim's attention immediately, since a store administrator will usually try to help as soon as possible. The fraudulent messages contain a macro-laced document that supposedly carries additional information about the problem; in reality, its purpose is to download, extract and execute the August Stealer's payload.
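A mail-gateway triage check for the delivery pattern described above, as an added example that is not part of the original article: it flags messages that pair a shopping-complaint subject with a document carrying a VBA project. The subject word list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email.message import EmailMessage

# Lure themes taken from the article; the exact word list is an assumption.
LURE_SUBJECT = re.compile(r"chargeback|purchase|order|refund", re.I)
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container

def attachment_has_macros(data: bytes) -> str:
    """Return 'vba', 'ole-unknown' or 'none' for one attachment payload."""
    if data.startswith(OLE_MAGIC):
        return "ole-unknown"  # legacy format: needs a real OLE parser to decide
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "none"
    # OOXML documents keep their macro storage in a part named vbaProject.bin
    return "vba" if any(n.endswith("vbaproject.bin") for n in names) else "none"

def triage(msg: EmailMessage) -> dict:
    """Quarantine when a complaint-themed subject meets a macro-capable document."""
    verdicts = {p.get_filename(): attachment_has_macros(p.get_payload(decode=True))
                for p in msg.iter_attachments()}
    lure = bool(LURE_SUBJECT.search(str(msg.get("Subject", ""))))
    risky = any(v != "none" for v in verdicts.values())
    return {"lure_subject": lure, "attachments": verdicts,
            "quarantine": lure and risky}

def build_sample(subject: str, with_macro: bool) -> EmailMessage:
    """Constructed sample message with a minimal OOXML-like zip attached."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")  # placeholder, not real VBA
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Please see the attached details.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="details.docm")
    return msg

if __name__ == "__main__":
    print(triage(build_sample("Chargeback on order 1001", with_macro=True)))
    print(triage(build_sample("Weekly newsletter", with_macro=False)))
```

The check inspects attachment content rather than the file extension, so a macro-enabled document renamed to `.docx` is still reported as `vba`.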

Since the August Stealer's attacks are not meant to cause havoc, victims are unlikely to notice anything out of the ordinary. This is why we recommend using a credible anti-malware application, which can help you stay safe while browsing the Web and keep your information from being collected by a vicious attacker.
