
CStealer

Posted: December 4, 2019

CStealer is the name of a newly discovered information collector that targets Windows systems exclusively. The purpose of info-stealers like this one is to retrieve the unsecured login credentials of their victims and then transfer them to a remote server or database under the control of the threat actors. Often, the data is exfiltrated via a Telegram bot or a basic HTTP or FTP connection. However, the authors of CStealer have opted for a more experimental technique that may end up causing even more harm to the info-stealer's victims: the data is extracted to a MongoDB database that has been set up by the attackers. The administrator credentials for the database are hardcoded in the CStealer binary, which means that anyone who disassembles the malicious file may be able to obtain the login information needed to access the MongoDB database. Because of this, the authors of the CStealer malware are not the only people who may end up harvesting the login credentials of the threat's victims.
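The hardcoded-credential weakness described above is something an analyst can hunt for directly in a sample. The following is an added example, not code from the original post or from the CStealer sample: it scans a byte blob for MongoDB connection strings that carry embedded credentials (both plain ASCII and UTF-16LE, the latter being common in Windows binaries) and reports the host and username while deliberately withholding the password. The sample blob, hostnames and credentials are constructed placeholders.

```python
import re
from urllib.parse import urlparse, unquote

# Constructed sample blob standing in for a stealer binary. The header bytes,
# the Chrome profile path and both connection strings are placeholders, not
# values taken from the real CStealer sample.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"Chrome\\User Data\\Default\\Login Data\x00"
    b"mongodb://dbadmin:S3cretPass%21@db.example.invalid:27017/stolen?authSource=admin\x00"
    + "mongodb+srv://backup:pw@wide.example.invalid/loot".encode("utf-16-le")
    + b"\x00\x00\xff\xfe junk\x00"
)

# Plain ASCII URI, and the same shape stored as UTF-16LE (each char followed by NUL).
ASCII_URI_RE = re.compile(rb"mongodb(?:\+srv)?://[\x21-\x7e]+")
WIDE_URI_RE = re.compile(
    rb"m\x00o\x00n\x00g\x00o\x00d\x00b\x00(?:\+\x00s\x00r\x00v\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00)+"
)


def find_hardcoded_mongo_uris(blob: bytes) -> list:
    """Return MongoDB URIs with embedded credentials found in a byte blob.

    The password itself is never returned; only its presence is recorded, so
    the finding can go into a report without reproducing the secret.
    """
    hits = []
    for regex, encoding in ((ASCII_URI_RE, "ascii"), (WIDE_URI_RE, "utf-16-le")):
        for m in regex.finditer(blob):
            uri = m.group(0).decode(encoding, errors="replace")
            parsed = urlparse(uri)
            if parsed.username is None:
                continue  # a URI without credentials is not the weakness we are hunting
            hits.append({
                "offset": m.start(),
                "encoding": encoding,
                "scheme": parsed.scheme,
                "host": parsed.hostname,
                "port": parsed.port,
                "username": unquote(parsed.username),
                "password_present": parsed.password is not None,
                "database": parsed.path.lstrip("/"),
            })
    return sorted(hits, key=lambda h: h["offset"])


if __name__ == "__main__":
    for hit in find_hardcoded_mongo_uris(SAMPLE_BINARY):
        print(hit)
```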

The CStealer Info-Stealer May Expose Collected Credentials to Other Cybercrooks

While this data exfiltration technique is rather innovative, the CStealer malware offers little other functionality. In fact, the current version is only able to collect login credentials from Google Chrome. High-profile info-stealers often also go after FTP logins, Telegram sessions, Discord sessions, email clients and other Web browsers. While the scope of CStealer's attack is limited at the time of writing, it might still be under development, and it would not come as a surprise if the threat's features were expanded in the next version.

There is no accurate data about the methods used to spread CStealer, but it is safe to assume that the author is relying on the typical malware propagation channels: torrent trackers, warez content, pirated media and software, fake downloads and spam emails. To protect your computer and your login credentials from CStealer, you should avoid visiting untrustworthy pages. Furthermore, it is also recommended to install and activate an up-to-date anti-malware application.
