
GrandSteal

Posted: October 25, 2019

GrandSteal is the name of a newly discovered infostealer that does not appear to share code with any previously known infostealer family. Some anti-virus engines nevertheless report GrandSteal as a variant of the Quasar RAT, although the two threats have little in common beyond the fact that both collect information from the compromised host: Quasar is a full remote-access tool, whereas GrandSteal is limited to harvesting stored credentials and files. One sample of GrandSteal was found hosted on a Russian domain, but that alone is not a sure sign that the threat originates from Russia or targets users in the region.

GrandSteal – A Stealthy Infostealer Going after Browsers, Cryptocurrency Wallets, and Popular Messaging Applications

Infostealers like this one are often sold on underground hacking forums, but we have yet to encounter any advertisement for GrandSteal. This might mean that its authors intend to use it privately, only against targets of their choice. In terms of functionality, GrandSteal targets a rather diverse set of software:

  • It targets Google Chrome and other Chromium-based Web browsers and attempts to extract cookies, saved credentials, autofill form data and saved credit cards.
  • It targets Gecko-based browsers (Firefox and its derivatives) and extracts saved credentials and cookies.
  • It looks for a wide range of cryptocurrency wallets: Litecoin, Bitcoin, Litecoin-Qt, Bitcoin-Qt, Bytecoin, Exodus, Dash-Qt, Electrum, Ethereum and Monero.
  • It collects FileZilla credentials from the client's XML configuration files, where saved passwords are only base64-encoded rather than encrypted unless the user has configured a master password.
  • It attempts to extract saved RDP (Remote Desktop Protocol) login credentials.
  • It collects files from the user's Desktop, Favorites and Personal (Documents) folders.
  • It attempts to hijack Telegram sessions by taking the session data and to extract the user's Discord authentication token.
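The capability list above also describes what a defender can hunt for: a single process reading the credential stores of several unrelated applications within seconds, which no legitimate browser, FTP client, wallet or messenger does. The Python below is an added example written for this page, not GrandSteal's code and not a vendor detection. The file paths are the usual default Windows locations of the stores named above (assumptions for the example, not taken from the page), the telemetry is a constructed `key=value` line format standing in for Sysmon or EDR file-read events, and every log line is constructed.

```python
"""Flag a process that reads the credential stores of several unrelated
applications within a short window: the cross-application access pattern an
infostealer leaves in file-access telemetry.
Added example for this page; not GrandSteal's code and not a vendor tool."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Default Windows locations of the stores the article lists. These paths are
# assumptions for the example (the usual defaults), not taken from the page.
# (owning application, regex over the full path)
ARTIFACTS = [
    ("chrome",    re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$")),
    ("gecko",     re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$")),
    ("filezilla", re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$")),
    ("wallet",    re.compile(r"\\(Bitcoin|Litecoin|Dash|Bytecoin|Electrum|Ethereum|Monero|Exodus)\\.*(wallet\.dat|default_wallet|keystore)")),
    ("telegram",  re.compile(r"\\Telegram Desktop\\tdata\\")),
    ("discord",   re.compile(r"\\[Dd]iscord\\Local Storage\\leveldb\\")),
]

# Constructed file-read telemetry in an assumed "key=value" form. pid 4120
# behaves like a stealer; 1200 and 1300 are browsers reading their own stores;
# 5000 touches two stores four minutes apart, outside the detection window.
SAMPLE_LOG = r"""
2019-10-25T10:00:01 pid=1200 image=C:\Program Files\Google\Chrome\Application\chrome.exe op=read path=C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data
2019-10-25T10:00:02 pid=1300 image=C:\Program Files\Mozilla Firefox\firefox.exe op=read path=C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\logins.json
2019-10-25T10:00:05 pid=4120 image=C:\Users\bob\AppData\Local\Temp\update.exe op=read path=C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data
2019-10-25T10:00:05 pid=4120 image=C:\Users\bob\AppData\Local\Temp\update.exe op=read path=C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Cookies
2019-10-25T10:00:06 pid=4120 image=C:\Users\bob\AppData\Local\Temp\update.exe op=read path=C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\logins.json
2019-10-25T10:00:07 pid=4120 image=C:\Users\bob\AppData\Local\Temp\update.exe op=read path=C:\Users\bob\AppData\Roaming\FileZilla\sitemanager.xml
2019-10-25T10:00:08 pid=4120 image=C:\Users\bob\AppData\Local\Temp\update.exe op=read path=C:\Users\bob\AppData\Roaming\Electrum\wallets\default_wallet
2019-10-25T10:00:09 pid=4120 image=C:\Users\bob\AppData\Local\Temp\update.exe op=read path=C:\Users\bob\AppData\Roaming\Telegram Desktop\tdata\key_datas
2019-10-25T10:00:10 pid=4120 image=C:\Users\bob\AppData\Local\Temp\update.exe op=read path=C:\Users\bob\AppData\Roaming\discord\Local Storage\leveldb\000003.log
2019-10-25T10:00:11 pid=4120 image=C:\Users\bob\AppData\Local\Temp\update.exe op=read path=C:\Users\bob\Desktop\notes.txt
2019-10-25T10:05:00 pid=5000 image=C:\Program Files\Backup\backup.exe op=read path=C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data
2019-10-25T10:09:00 pid=5000 image=C:\Program Files\Backup\backup.exe op=read path=C:\Users\bob\AppData\Roaming\FileZilla\sitemanager.xml
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>.+?) op=(?P<op>\w+) path=(?P<path>.+)$")


def parse_event(line):
    """Parse one telemetry line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "pid": int(m["pid"]),
            "image": m["image"], "op": m["op"], "path": m["path"]}


def classify(path):
    """Return the application that owns a credential store at `path`, else None."""
    for app, rx in ARTIFACTS:
        if rx.search(path):
            return app
    return None


def detect(lines, window=timedelta(seconds=60), min_apps=2):
    """Return one alert per process that read stores of >= min_apps distinct
    applications inside any sliding window of `window` length."""
    by_proc = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["op"] != "read":
            continue
        app = classify(ev["path"])
        if app:
            by_proc[(ev["pid"], ev["image"])].append((ev["ts"], app, ev["path"]))

    alerts = []
    for (pid, image), evs in by_proc.items():
        evs.sort()
        best = None
        start = 0
        for end, (ts, _, _) in enumerate(evs):
            while ts - evs[start][0] > window:   # slide the window's left edge
                start += 1
            span = evs[start:end + 1]
            apps = {a for _, a, _ in span}
            if len(apps) >= min_apps and (best is None or len(apps) > len(best["apps"])):
                best = {"pid": pid, "image": image, "apps": sorted(apps),
                        "first_seen": span[0][0], "paths": [p for _, _, p in span]}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(f"pid {a['pid']} {a['image']} read stores of {len(a['apps'])} apps: {', '.join(a['apps'])}")
```

The heuristic is deliberately silent when a process only touches its own store (chrome.exe reading Login Data) or when the reads are spread out (the backup agent), which is what keeps it quiet on a normal workstation; the cost is that a stealer targeting a single browser slips past, so pair it with a per-store allowlist of expected images if that matters in your environment. `window` and `min_apps` are the knobs to tune against your own telemetry.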

Infostealers are relatively simple malware, and users who keep a reliable, regularly updated anti-virus suite running greatly reduce the risk that their credentials will be harvested by GrandSteal or similar threats. Because a stealer needs only seconds of execution to copy the stores listed above, any detection should also be treated as a credential-exposure event: rotate browser-saved, FTP and RDP passwords, sign out of all Discord and Telegram sessions, and move wallet funds to freshly generated keys.
