
Immortal Stealer

Posted: June 9, 2020

Malware developers do not always create malware that will be used in their own campaigns. Instead, they sometimes opt for an easier monetization strategy. This is the case with the Immortal Stealer, a threatening application that is programmed to collect data from infected systems. The authors of the Immortal Stealer are not using it themselves; instead, they are selling it to other hackers through underground cybercrime forums. Advertisements for the Immortal Stealer have also been found on Dark Web forum boards, so it would appear that the authors of the information stealer are looking to reach as many potential customers as possible.

The Immortal Stealer Malware is Sold on the Dark Web

Malware that is sold to other hackers is commonly referred to as 'commodity malware,' and it is one of the most severe threats available because it is difficult to predict its reach or the propagation methods that will be used to deliver it to potential targets. Since the Immortal Stealer may be used by both beginners and advanced cybercriminals, it is likely that a very wide range of tricks will be used to spread it online.

Commodity infostealers are often rather limited in terms of functionality, but this is certainly not the case with the Immortal Stealer: it can hijack information from a wide range of Web browsers, popular messaging clients and other applications. According to the ad published by its author, the Immortal Stealer is compatible with 24 Web browsers, and it can collect the following information from them:

  • Autofill data.
  • Saved credit cards.
  • Saved login credentials.
  • Cookie files.

The Immortal Stealer also targets several gaming platforms, the most popular of which is Steam. It also attempts to collect the session and data files related to various Minecraft launchers such as MinecraftOnly, LavaCraft, McSkill, VimeWorld and others. In terms of messaging applications, this infostealer will only try to hijack the session data of Telegram and Discord.

Apart from Browsers, this Stealer Targets FTP, Cryptocurrency and Gaming Software

Immortal Stealer targets the FileZilla FTP client and will try to collect the files 'recentservers.xml' and 'sitemanager.xml' that may contain data regarding the victim's FTP connections. Finally, the malware's author has also paid some attention to cryptocurrency: the Immortal Stealer will try to hijack the 'wallet.dat' file used by Bitcoin-Qt, a software utility used for Bitcoin wallet management.

Immortal Stealer can also scan the desktop and several user folders for files with specific extensions: txt, log, doc, docx and sql. If any files that use these extensions are found, they will be copied to a hidden folder and transferred to the attacker's server. Last but not least, the Immortal Stealer will also try to capture desktop and Web camera snapshots that will be stored on the stealer's control server.

Since Immortal Stealer may be used by anyone willing to purchase the product, it is impossible to pinpoint the exact propagation techniques that may be used to deliver it to potential victims. It is recommended to ensure your system's safety by using an up-to-date anti-malware service, as well as avoiding interaction with dodgy websites, services and files.
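
A detection heuristic for the collection behaviour described above, as an added example that is not from the original page: it flags any process that reads files from several unrelated credential stores within a short window. The FileZilla and 'wallet.dat' names come from the page; the Chromium store names, the event format, the process names, the paths and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# File names per credential-store category. FTP and wallet names come from the
# page; the Chromium store names are an assumption added for this example.
CATEGORIES = {
    "ftp": {"recentservers.xml", "sitemanager.xml"},
    "wallet": {"wallet.dat"},
    "browser": {"login data", "web data", "cookies"},
}

def classify(path):
    """Return the credential-store category a path belongs to, or None."""
    name = PureWindowsPath(path).name.lower()
    for category, names in CATEGORIES.items():
        if name in names:
            return category
    return None

def flag_processes(events, window=60, min_categories=3):
    """Flag processes that read >= min_categories store types within window seconds."""
    hits = defaultdict(list)  # process -> [(timestamp, category)]
    for ts, process, path in events:
        category = classify(path)
        if category:
            hits[process.lower()].append((ts, category))
    flagged = []
    for process, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            in_window = {c for t, c in seen[i:] if t - start <= window}
            if len(in_window) >= min_categories:
                flagged.append(process)
                break
    return sorted(flagged)

# Constructed sample file-read events: (seconds, process, path).
SAMPLE_EVENTS = [
    (0, "filezilla.exe", r"C:\Users\a\AppData\Roaming\FileZilla\sitemanager.xml"),
    (5, "chrome.exe", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (6, "chrome.exe", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
    (100, "invoice_viewer.exe", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (102, "invoice_viewer.exe", r"C:\Users\a\AppData\Roaming\FileZilla\recentservers.xml"),
    (104, "invoice_viewer.exe", r"C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat"),
    (200, "backup.exe", r"C:\Users\a\AppData\Roaming\FileZilla\sitemanager.xml"),
    (4000, "backup.exe", r"C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat"),
    (9000, "backup.exe", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Web Data"),
]

if __name__ == "__main__":
    print(flag_processes(SAMPLE_EVENTS))
```

The owning applications each touch only their own store, and the slow backup job falls outside the time window, so only the process that sweeps all three categories in a few seconds is reported.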
