TerraStealer is a piece of malware that was advertised on hacker forums by a seller group known as Golden Chickens, which is believed to be the mastermind behind a large-scale Malware-as-a-Service (MaaS) operation used to supply high-profile cybercriminals with custom-built malware implants. TerraStealer is also known under the names SONE or StealerOne. The first advertisements for it were published in 2017, and the implant has been involved in several large-scale campaigns since then.
TerraStealer packs advanced anti-analysis techniques meant to hide its true purpose from anti-virus products. It also checks for the presence of malware debugging and analysis tools, making it more challenging for automated file scanning services to identify TerraStealer as a threat.
The MaaS Threat TerraStealer Focuses on Web Browsers, Email Clients and FTP Credentials
The threat, as the name suggests, is meant to collect information from the infected computer. TerraStealer can fetch data from:
- Web browsers like Microsoft Edge, Internet Explorer, Google Chrome and Mozilla Firefox.
- Email clients like Microsoft Outlook and Mozilla Thunderbird.
- FTP clients like FileZilla and WinSCP.
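A defender can watch the credential stores of the applications listed above for reads by any process other than the owning application. The sketch below is an added example, not code from the original page: the events are constructed and reduced to the process and object fields that Windows object-access auditing (event 4663) records, and the paths are the applications' public default locations, an assumption, since the page does not say which files TerraStealer reads. Outlook and WinSCP are left out to keep the example to file-based stores.

```python
import re
from collections import defaultdict

# Assumption: default per-user store locations and the process that owns each.
STORES = {
    "chrome": (r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$", "chrome.exe"),
    "edge": (r"\\Microsoft\\Edge\\User Data\\[^\\]+\\Login Data$", "msedge.exe"),
    "firefox": (r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", "firefox.exe"),
    "thunderbird": (r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", "thunderbird.exe"),
    "filezilla": (r"\\FileZilla\\(sitemanager|recentservers)\.xml$", "filezilla.exe"),
}
RULES = [(name, re.compile(rx, re.I), owner) for name, (rx, owner) in STORES.items()]

# Constructed sample events (not taken from a real incident).
SAMPLE_EVENTS = [
    {"process": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "object": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"process": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "object": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"process": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "object": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"process": r"C:\Program Files\Backup\backup.exe",
     "object": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd34.default\logins.json"},
    {"process": r"C:\Windows\explorer.exe",
     "object": r"C:\Users\alice\Documents\report.docx"},
]

def foreign_reads(events):
    """Return (process, store) pairs where a non-owning process read a store."""
    hits = []
    for ev in events:
        image = ev["process"].rsplit("\\", 1)[-1].lower()
        for name, rx, owner in RULES:
            if rx.search(ev["object"]) and image != owner:
                hits.append((ev["process"], name))
    return hits

def sweepers(events, min_stores=2):
    """Processes that read several different stores, the pattern of a stealer sweep."""
    touched = defaultdict(set)
    for process, store in foreign_reads(events):
        touched[process.lower()].add(store)
    return sorted(p for p, s in touched.items() if len(s) >= min_stores)

if __name__ == "__main__":
    for process, store in foreign_reads(SAMPLE_EVENTS):
        print(f"ALERT: {store} credential store read by {process}")
    print("multi-store readers:", sweepers(SAMPLE_EVENTS))
```

A single foreign read, such as the backup tool here, is often benign and is a candidate for an allow-list; one process reading several unrelated stores is the higher-confidence signal.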
Although the functionality of TerraStealer is rather limited, it is entirely possible that customers of the Golden Chickens MaaS gang can pay to have a separate, enhanced version delivered to them. Artifacts related to TerraStealer's activity were recovered from previously infected systems that were used by point-of-sale devices and online stores.
Cybersecurity experts report that TerraStealer shares many similarities with the TerraRecon malware when it comes to evading analysis and gaining persistence; however, the primary features and purposes of the two implants are entirely different. Despite being a custom-built and advanced threat, TerraStealer's attack should be easily prevented with the use of an up-to-date anti-malware tool and firewall service.