BluStealer Malware Targets Cookies, Passwords, and Cryptocurrency Wallets
The BluStealer Malware is an information stealer whose activity increased rapidly in mid-September, infecting over 6,000 users in a single day. The criminals behind this project are propagating it through the use of phishing emails that ask users to download a harmless-looking file. However, the file is just a decoy for malicious scripts that aim to initialize the BluStealer Malware payload. Once running, this .NET malware will try to log and steal valuable information from the victim's machine and then exfiltrate it to the attackers.
Nothing Fancy About the BluStealer Malware
While the malware does pack some dangerous features, it is certainly not an advanced project. For example, it is common for high-profile information stealers to operate entirely out of the computer's memory, minimizing the footprint they leave on the hard drive. This not only makes the implant harder to analyze but can also help it evade certain antivirus scanners. BluStealer Malware, however, does no such thing – it drops its files on the computer's storage in order to run. Furthermore, the data exfiltration techniques it uses are not special at all – one of them relies on the SMTP (email) protocol and has been copied from the SpyEx project.
The other one is a basic Telegram bot, which is also fairly simple to implement – this feature may likewise have been copied by the criminals rather than written by them. The stealer functionality appears to have been written from scratch, and it enables the malware to perform the following tasks:
- Dump login credentials from the system profile, specific apps, and Web browsers to the credentials.txt file.
- Steal cookies from Google Chrome and Mozilla Firefox.
- Steal cryptocurrency wallet files and keys used by Jaxx, Bytecoin, ArmoryDB, Electrum, Atomic, and other wallet software.
- Grab files that use certain extensions – txt, rtf, xlsx, doc, docx, pdf, utc and archive them in Files.zip.
- Steal clipboard data and grab screenshots.
- Log keystrokes.
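The two exfiltration channels described above (SMTP and a Telegram bot) and the named drop files (credentials.txt, Files.zip) are all observable from the defender's side. The following added example is not code from the original article or from any vendor; it runs a small detection pass over constructed endpoint telemetry (the log lines, the `invoice_view.exe` process name and the `event=`/`proc=`/`dst=`/`port=`/`path=` field layout are all made up for illustration). It flags processes other than known mail clients that open SMTP ports, any process that talks to the Telegram Bot API host, and any process that creates files with the stealer's reported artifact names, then ranks processes by how many independent indicator types they triggered. The allow-lists are site-specific assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed endpoint telemetry (not real data): one "<ts> key=value ..." event per line.
SAMPLE_LOG = """\
2021-09-15T10:01:02Z event=net proc=outlook.exe dst=smtp.office365.com port=587
2021-09-15T10:01:09Z event=net proc=chrome.exe dst=www.google.com port=443
2021-09-15T10:02:20Z event=file proc=invoice_view.exe op=create path=C:\\Users\\u\\AppData\\Local\\Temp\\credentials.txt
2021-09-15T10:02:25Z event=file proc=invoice_view.exe op=create path=C:\\Users\\u\\AppData\\Local\\Temp\\Files.zip
2021-09-15T10:02:31Z event=net proc=invoice_view.exe dst=smtp.gmail.com port=587
2021-09-15T10:02:40Z event=net proc=invoice_view.exe dst=api.telegram.org port=443
2021-09-15T10:03:00Z event=file proc=notepad.exe op=create path=C:\\Users\\u\\Documents\\notes.txt
"""

SMTP_PORTS = {25, 465, 587}
# Processes expected to speak SMTP directly on a workstation (site-specific allow-list; assumption).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# Host a Telegram bot must contact; no process on a typical workstation needs it (assumption).
TELEGRAM_BOT_API = "api.telegram.org"
BOT_API_ALLOWED: Set[str] = set()
# File names the article reports the stealer writing its loot into.
ARTIFACT_NAMES = {"credentials.txt", "files.zip"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> Dict[str, str]:
    """Split '<ts> k=v k=v ...' into a dict; returns {} for lines that do not fit."""
    parts = line.strip().split(" ", 1)
    if len(parts) != 2:
        return {}
    fields = dict(KV_RE.findall(parts[1]))
    fields["ts"] = parts[0]
    return fields


def find_stealer_indicators(log_text: str) -> Dict[str, Set[str]]:
    """Map process image name -> set of indicator types observed for it."""
    findings: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        proc = ev.get("proc", "").lower()
        if not proc:
            continue
        if ev.get("event") == "net":
            port = int(ev.get("port", 0))
            dst = ev.get("dst", "").lower()
            # Direct SMTP from something that is not a mail client matches the SMTP exfil channel.
            if port in SMTP_PORTS and proc not in MAIL_CLIENTS:
                findings[proc].add("smtp-from-non-mail-client")
            # Any contact with the Bot API host matches the Telegram exfil channel.
            if dst == TELEGRAM_BOT_API and proc not in BOT_API_ALLOWED:
                findings[proc].add("telegram-bot-api")
        elif ev.get("event") == "file" and ev.get("op") == "create":
            # Compare only the file name, case-insensitively, regardless of path style.
            name = ev.get("path", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
            if name in ARTIFACT_NAMES:
                findings[proc].add(f"artifact:{name}")
    return dict(findings)


def triage(findings: Dict[str, Set[str]]) -> List[Tuple[str, Set[str]]]:
    """Rank processes so that those hitting more independent indicator types come first."""
    return sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for proc, reasons in triage(find_stealer_indicators(SAMPLE_LOG)):
        print(f"{proc}: {', '.join(sorted(reasons))}")
```

The ranking matters more than any single rule: a mail gateway or a scripted report may legitimately open port 587, but a freshly launched executable that writes credentials.txt and Files.zip and then opens both an SMTP session and a Bot API connection within seconds is the combination the article describes.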
Needless to say, having this information stolen by cybercriminals is a major security concern. You should prevent the BluStealer Malware attack by using an up-to-date anti-malware software suite at all times.