Epsilon Stealer Spread Through Malicious Game Mod

Epsilon is malware designed to steal sensitive data. It targets information stored in browsers, gaming applications, and various other software, including cryptocurrency wallets. Epsilon has been observed in campaigns directed primarily at video game players. Notably, the malware was distributed through a compromised mod package for the popular computer card game Slay the Spire.

Once it has infiltrated a system, Epsilon begins collecting relevant device data. The collection includes information extracted and exfiltrated from browsers: browsing and search engine histories, Internet cookies, stored login credentials (usernames/passwords), and saved credit card numbers.

Epsilon can also gather information linked to messaging platforms. Specifically, it can inject itself into Discord and collect Discord tokens. The malware also targets software related to video gaming; for example, it seeks to acquire data from Minecraft sessions.

Furthermore, Epsilon aims to obtain login credentials and other relevant information from cryptocurrency wallets and associated software like MetaMask.

It is crucial to note that malware developers frequently enhance their software. Consequently, potential future versions of Epsilon may have an expanded target list and additional or different capabilities.
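The breadth of that target list is itself a detection signal: a single process that reads browser stores, Discord storage, Minecraft account data and wallet extension data is unlikely to be benign. The sketch below is an added example, not taken from the original article or from any vendor tooling; the file paths are the applications' usual default locations (an assumption, not Epsilon indicators), and the file-access events and the process name `mod_update.exe` are constructed.

```python
import re
from collections import defaultdict

# Default per-user data locations (assumed standard paths, not from the article).
SENSITIVE = {
    "browser": re.compile(r"\\User Data\\.+\\(Login Data|Cookies|Web Data|History)$", re.I),
    "discord": re.compile(r"\\discord\\Local Storage\\leveldb\\", re.I),
    "minecraft": re.compile(r"\\\.minecraft\\launcher_accounts\.json$", re.I),
    "wallet": re.compile(r"\\Local Extension Settings\\nkbihfbeogaeaoehlefnkodbefgpgknn\\", re.I),  # MetaMask
}
# Executables expected to touch each category (hypothetical allowlist; tune per fleet).
OWNERS = {
    "browser": {"chrome.exe", "msedge.exe"},
    "discord": {"discord.exe"},
    "minecraft": {"minecraftlauncher.exe", "javaw.exe"},
    "wallet": {"chrome.exe", "msedge.exe"},
}
U = r"C:\Users\alice\AppData"  # constructed sample user profile
EVENTS = [  # constructed (process image, file read) pairs, e.g. from EDR file telemetry
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe", U + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    (U + r"\Local\Discord\app\Discord.exe", U + r"\Roaming\discord\Local Storage\leveldb\000005.ldb"),
    (U + r"\Local\Temp\mod_update.exe", U + r"\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    (U + r"\Local\Temp\mod_update.exe", U + r"\Roaming\discord\Local Storage\leveldb\000005.ldb"),
    (U + r"\Local\Temp\mod_update.exe", U + r"\Roaming\.minecraft\launcher_accounts.json"),
    (U + r"\Local\Temp\mod_update.exe", U + r"\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\000003.log"),
    (r"C:\Tools\backup.exe", U + r"\Local\Google\Chrome\User Data\Default\History"),
]

def classify(path):
    """Return the sensitive-data category a path belongs to, or None."""
    for category, pattern in SENSITIVE.items():
        if pattern.search(path):
            return category
    return None

def suspicious_readers(events, min_categories=2):
    """Map each non-owner process to the categories it read, if it read enough of them."""
    touched = defaultdict(set)
    for image, path in events:
        category = classify(path)
        exe = image.rsplit("\\", 1)[-1].lower()
        if category and exe not in OWNERS[category]:
            touched[image].add(category)
    return {img: sorted(cats) for img, cats in touched.items() if len(cats) >= min_categories}

if __name__ == "__main__":
    for image, cats in suspicious_readers(EVENTS).items():
        print(f"ALERT {image} read: {', '.join(cats)}")
```

Requiring at least two categories keeps single-purpose tools such as a backup agent from alerting while still catching a process that sweeps several credential stores.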

What Are the Most Common Distribution Methods for Infostealing Malware?

Infostealing malware employs various distribution methods to infiltrate systems and collect sensitive information. Some of the most common distribution methods for infostealing malware include:

Phishing Emails: Cybercriminals often use phishing emails to distribute infostealing malware. These emails may contain malicious attachments or links that, when clicked, download and execute the malware on the victim's system.

Malicious Websites: Infostealing malware can be distributed through compromised or malicious websites. Users may unknowingly download malware when visiting these sites or clicking on seemingly harmless links.

Malvertising: Malvertising involves the use of malicious advertisements on legitimate websites. Cybercriminals may inject malware into online ads, and when users click on these ads, the malware is downloaded onto their devices.

Exploit Kits: Exploit kits are toolkits that target vulnerabilities in software and operating systems. Cybercriminals use these kits to automate the process of delivering malware to systems with known vulnerabilities.

Compromised Software: Malware can be bundled with legitimate software or distributed through compromised versions of popular applications. Users who download and install these applications unknowingly introduce the malware onto their systems.

Social Engineering: Cybercriminals may leverage social engineering techniques to trick users into downloading and executing malicious files. This can include deceptive messages, fake software updates, or enticing offers.

Drive-By Downloads: In a drive-by download, malware is automatically downloaded onto a user's device without their knowledge or consent. This can occur when visiting a compromised website or through the exploitation of browser vulnerabilities.

January 5, 2024