GrandSteal is the name of a newly discovered infostealer that does not appear to share code with any of the previously known infostealer families. Surprisingly, some anti-virus engines report the GrandSteal as a variant of the Quasar RAT. Still, the two threats do not seem to have much in common apart from the fact that both are able to collect information from the compromised host. One sample of the GrandSteal infostealer was discovered on a Russian domain, but this is not a sure sign that the threat originates from Russia or targets users in that region.
GrandSteal – A Stealthy Infostealer Going after Browsers, Cryptocurrency Wallets, and Popular Messaging Applications
Often, infostealers like this one are sold on underground hacking forums, but we have yet to encounter any advertisements for the GrandSteal – this might mean that the authors of the infostealer intend to use it privately, and only against targets of their choice. In terms of functionality, the GrandSteal infostealer targets a rather diverse set of software:
- It targets Google Chrome and Chromium-based Web browsers and attempts to extract cookies, credentials, autofill forms and saved credit cards.
- It targets the Gecko Web browser engine and extracts credentials and cookies.
- It targets a wide range of cryptocurrency wallets – Litecoin, Bitcoin, Litecoin-Qt, Bitcoin-Qt, Bytecoin, Exodus, Dash-Qt, Electrum, Ethereum and Monero.
- It collects FileZilla credentials from the software's XML configuration file.
- It attempts to extract RDP (Remote Desktop Protocol) login credentials.
- It extracts files from the user's folders – Desktop, Favorites and Personal.
- It attempts to hijack Telegram sessions and extract the Discord token of the user.
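A defender-side check for one of the stores listed above, added here as an example and not part of the original article: it parses a constructed file in the layout of FileZilla's sitemanager.xml / recentservers.xml (the `<Pass encoding="base64">` and `encoding="crypt"` attributes are assumed from FileZilla's documented format) and reports which entries are stored reversibly, without ever decoding a password.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of FileZilla's sitemanager.xml /
# recentservers.xml. Assumed: base64 for ordinary saved passwords,
# encoding="crypt" when a master password protects the entry.
SAMPLE_XML = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.test</Host>
      <User>alice</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
    </Server>
    <Server>
      <Host>sftp.example.test</Host>
      <User>bob</User>
      <Pass encoding="crypt" pubkey="placeholder">ZmFrZQ==</Pass>
    </Server>
    <Server>
      <Host>old.example.test</Host>
      <User>carol</User>
    </Server>
  </Servers>
</FileZilla3>
"""


def audit_filezilla_config(xml_text):
    """Return (host, user, status) per <Server>; passwords are never decoded."""
    root = ET.fromstring(xml_text)
    findings = []
    for server in root.iter("Server"):
        host = server.findtext("Host", default="?")
        user = server.findtext("User", default="?")
        pw = server.find("Pass")
        if pw is None or not (pw.text or "").strip():
            status = "no-saved-password"
        elif pw.get("encoding") == "crypt":
            status = "master-password-protected"
        else:
            # base64 (or legacy plaintext) is reversible by any process
            # running as this user, which is exactly what a stealer relies on
            status = "recoverable"
        findings.append((host, user, status))
    return findings


def exposed_entries(xml_text):
    """Only the entries a file-reading infostealer could recover outright."""
    return [f for f in audit_filezilla_config(xml_text) if f[2] == "recoverable"]
```

Run against the real files under %APPDATA%\FileZilla (assumed location), a "recoverable" result means that entry is readable by any process running as that user; enabling FileZilla's master password moves entries to the protected state.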
Infostealers are a rather simple class of malware, and users who keep their computers protected by a reliable and regularly updated anti-virus software suite can rest assured that their credentials will not be hijacked by the GrandSteal malware or similar threats.