StressPaint
StressPaint is a spyware program that collects Web-browsing credentials, in particular, ones associated with Facebook, for unknown purposes. Its attacks also are applicable for compromising the accounts of other websites and your financial data theoretically. Have your anti-malware products delete StressPaint as soon as possible, change all potentially misappropriated passwords, and avoid the free software downloads that this threat's campaign uses for compromising new PCs.
Painting Your Way into a Self-Victimized Corner
Experienced threat actors are targeting Facebook users throughout the world by bundling specialized spyware with a free painting application that they promote by currently unknown methods. The spyware in question, StressPaint, is capable of exfiltrating data related to most Web-browsing activities but is limiting itself, so far, to compromising the associated Facebook accounts, which the con artists may be hijacking for propaganda, unsafe advertising, or other bad actions. StressPaint runs in the background while the user is distracted by a 'legitimate' program: Relieve Stress Paint.
The Relieve Stress Paint is a simple application that provides variable painting settings on a per-click basis, and its infrastructure includes a fake AOL.net domain for soliciting downloads from any new victims. Malware experts are highlighting high infection rates in Russia, Vietnam, and Pakistan as examples of how diverse and successful a StressPaint's campaign already is over a duration. Whenever the painting software loads, as well as upon each system restart, StressPaint also runs.
StressPaint's features include:
- The spyware uses a non-persistent set of modules for collecting Web-browsing cookies and login credentials (for now, only for Facebook). It deletes them after taking the data, which is one of the methods its threat actors are employing for concealing the software's presence versus anti-malware protocols.
- StressPaint contacts an Instagram profile for unknown reasons; it may be receiving instructions through that service for obfuscating its Command & Control infrastructure.
- StressPaint uploads the collected data to a conventional C&C server for the threat actors' exploitation. They also can access some general system and social media-related statistics, such as how many Facebook friends the user has.
Since StressPaint doesn't collect information directly, but, instead, takes it from copies of the target data, it may avoid some traditional means of detecting spyware. The complete functionality of its 'cover,' the painting software, also hides its background attacks from anyone at the keyboard.
Relieving the Stress of Poisoned Paints
While StressPaint is deploying itself against susceptible Facebook profiles, its open-source admin panel includes a still-developing support section for Amazon, and its payload is readily expandable to other sites. Malware analysts speculate that StressPaint is using the promotional activities of already-infected Facebook accounts, possibly in combination with spam e-mails, to spread to new victims. The widespread and rapid deployment of its campaign is non-localized and relevant to the citizens of nations around the world.
StressPaint is likely of being a professional product from a state-sponsored group of con artists or the work of a professional with significant experience within the spyware industry. If you have the Relieve Stress Paint on your PC, you should allow your anti-malware products to scan the computer and remove StressPaint immediately before changing any login credentials that may be in wrong possession. For infection prevention, avoiding free software downloads of the painting application should be sufficient for the campaign's current infection vectors.
Even something as simple as a painting program is rarely 'free.' As the con artists grow more sophisticated in disguising their spyware, PC users with any confidential information worth keeping to themselves will need to hone their competence at perceiving tactics like freeware downloads to an increasingly sharper edge.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.