AsukaStealer: Analysis of a New Information-Stealing Malware
The cybersecurity landscape has a new and potent threat to consider: AsukaStealer. This Malware-as-a-Service (MaaS), identified by Cyble Research & Intelligence Labs (CRIL) on February 2, 2024, represents the latest evolution in the cybercriminal arsenal, advertised on a Russian-language forum with a rental price that belies its potential for havoc.
Login page of the AsukaStealer dashboard | Image: CRIL
AsukaStealer, a sophisticated malware, was first unveiled on a Russian-language cybercrime forum. For a monthly fee of $80, users gain access to this formidable tool, capable of infiltrating an array of personal and financial data. Written in C++, this malware poses a significant risk by collecting a wide range of sensitive data from infected systems, including:
- Browser Data: Credentials, saved payment information, browser extensions (from Chromium-based browsers like Edge, Chrome, and OperaGX, as well as Gecko-based like Firefox).
- Communication Apps: Discord and Telegram sessions and tokens.
- Cryptocurrency Assets: Credentials and data connected to cryptocurrency wallets and extensions.
- Additional Targets: Desktop screenshots, and Steam authentication credentials.
Detailed analysis by Cyble Research & Intelligence Labs (CRIL) reveals that AsukaStealer is likely a retooled version of ObserverStealer malware. Similarities in the command-and-control (C2) infrastructure and coding elements underscore this assessment. The threat actors appear to have rebranded their malicious platform while enhancing its capabilities.
Though a full understanding of distribution methods is ongoing, evidence indicates phishing is a likely vector. Once inside a system, AsukaStealer has the potential to:
- Facilitate identity theft and fraudulent activity.
- Provide crucial details for further targeted attacks.
- Increase vulnerability to system compromise via ransomware.
AsukaStealer illustrates the increasing availability and refinement of malicious tools available in MaaS offerings. Its connection to ObserverStealer serves as a cautionary reminder of the ever-present nature of rebranded and re-used malware within the threat landscape. Proactive user education and vigilant online practices are crucial for mitigating the damage of threats like AsukaStealer.
