KurayStealer Malware Steals Credentials

computer malware theft

Security researchers issued alerts and coverage concerning a new malware that is making the rounds. The threat is a credentials stealer that uses modified code from a malware builder.

The new stealer has been dubbed KurayStealer. Kuray is based on modified code, using a malware builder released in April 2022 by a Discord user going by the profile name "Portu". The malware builder itself is a codebase that aspiring new hackers can use and modify to suit their specific needs.

KurayStealer uses chunks of code and building blocks from a number of other password stealing strains of malware, some of them registered and documented by researchers after they found them on public code repositories such as GitHub.

The malware uses webhooks to automatically transfer data over a compromised Discord client. KurayStealer can scan the victim machine for tokens, passwords and stored IP addresses, rummaging through browser data and Discord settings and data, among over a dozen other apps it can scan for credential theft.

The Discord user who is in large part responsible for the KurayStealer malware, Portu, has done their best to cover their tracks, but that wasn't really good enough. Researchers have tracked the user down through breadcrumbs left on their Discord profile. Portu is believed to be a Spanish national and he is also likely to be working on a new version of their stealer malware.

May 17, 2022