NoMercy Stealer Scrapes Sensitive Information

NoMercy is the name of a newly discovered piece of infostealing malware.

The main distribution method for the new malware is phishing campaigns containing malicious attachments, with a supplementary distribution vector through malicious websites that offer fake cracks for software and games.

Even though NoMercy appears to still be under active development, it already has a robust feature set. The malware can scrape system information and send it back to its command and control servers. It has a keylogging module that captures keystrokes. It can also use a microphone or camera connected to the system to record audio or take snapshots.

Finally, it appears NoMercy also has a clipper module. Clippers are malicious components that monitor the system clipboard and intercept certain strings found in it. This functionality allows for intercepting and redirecting crypto payments: a wallet string found in the clipboard can easily be replaced with the wallet string of the malware's owner, and the victim will be none the wiser.
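The clipboard substitution described above can be spotted from the defender's side. The following is an added example, not part of the original article and not based on NoMercy's code: a heuristic that flags a wallet-shaped clipboard value being replaced by a different value of the same address family within a short window. The event format, function names, the two-second window and the sample addresses are all assumptions made for illustration.

```python
import re

# Address *shapes* only (no checksum validation), using common public formats.
WALLET_PATTERNS = {
    "btc_base58": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def wallet_kind(text):
    """Return the address family the clipboard text looks like, or None."""
    candidate = text.strip()
    for kind, pattern in WALLET_PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None

def find_suspected_swaps(events, window_seconds=2.0):
    """events: time-ordered (timestamp_seconds, clipboard_text) tuples.

    Flags a wallet-shaped value that is replaced by a *different* value of
    the same family within window_seconds, faster than a person re-copies.
    """
    alerts = []
    previous = None  # (timestamp, text, kind) of the last clipboard change
    for ts, text in events:
        kind = wallet_kind(text)
        if previous and kind and kind == previous[2]:
            prev_ts, prev_text, _ = previous
            changed = text.strip() != prev_text.strip()
            if changed and ts - prev_ts <= window_seconds:
                alerts.append({"time": ts, "kind": kind,
                               "copied": prev_text.strip(), "now": text.strip()})
        previous = (ts, text, kind)
    return alerts

# Constructed sample clipboard history (addresses are fake, shape-only values).
SAMPLE_EVENTS = [
    (10.0, "meeting notes"),
    (20.0, "0x" + "a" * 40),   # user copies a payment address
    (20.3, "0x" + "b" * 40),   # same family, different value, 0.3 s later
    (95.0, "0x" + "c" * 40),   # later manual copy, outside the window
    (200.0, "1" + "A" * 33),   # legacy-style address copied
    (200.2, "hello"),          # replaced by ordinary text: not a swap
]

if __name__ == "__main__":
    for alert in find_suspected_swaps(SAMPLE_EVENTS):
        print("possible clipper activity:", alert)
```

The same comparison works as a paste-time check: keep the value the user copied and refuse to proceed if the clipboard holds a different address of the same family.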

Infostealing malware should be taken very seriously: a system compromised with an infostealer is almost completely exposed to the attacker, who can stay under the radar for a long time if adequate measures are not taken.

July 11, 2022