
Source: CYFIRMA
CYFIRMA has published a report on Flesh Stealer, a new information stealer written in C# that targets secrets stored by web browsers and cryptocurrency wallets.
Flesh Stealer is notable for bypassing Chrome's App-Bound Encryption, the protection introduced in Chrome 127 that ties decryption of cookies and other stored secrets to a privileged Chrome service so that a process running as the logged-in user cannot simply read them. The malware also carries anti-debugging and anti-virtual-machine checks, which complicate analysis in a sandbox or under a debugger.
As the CYFIRMA report states: “Flesh stealer employs anti-VM techniques to detect if it’s running in a virtualized environment. It checks physical memory characteristics, system speed, and BIOS version as indicators of a virtual machine. Additionally, the malware scans for specific strings such as BOCHS, VMware, VirtualBox, Hyper-V, Qemu, to identify virtual environments. If any of these conditions are met, the malware will kill its activity to avoid detection and analysis.”
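The checks described in that quote, written out as an added example (this is not CYFIRMA's code or the stealer's; it is a checker an analyst can point at a sandbox's hardware profile to see which of the reported indicators would trip it). The report names the signal types and the hypervisor strings but not the numeric cutoffs, so the memory and clock-speed thresholds, the WMI-style field names, and the two sample profiles are assumptions of this example.

```python
from __future__ import annotations

from dataclasses import dataclass

# Hypervisor/vendor strings the report says the stealer scans for.
VM_STRINGS = ("BOCHS", "VMWARE", "VIRTUALBOX", "HYPER-V", "QEMU")

# Assumed cutoffs: the report names memory size and system speed as signals
# but not the values the malware uses, so these are illustrative.
MIN_PHYSICAL_MEMORY_BYTES = 4 * 1024 ** 3  # below 4 GiB: looks like a sandbox
MIN_CPU_MHZ = 2000                          # below 2 GHz: "slow system"


@dataclass
class SystemProfile:
    """Values a stealer can read from WMI (Win32_ComputerSystem, Win32_BIOS,
    Win32_Processor). The instances below are constructed, not real hosts."""
    total_physical_memory: int   # bytes
    cpu_max_clock_mhz: int
    bios_version: str
    manufacturer: str
    model: str


def vm_indicators(p: SystemProfile) -> list[str]:
    """Return every indicator that fires; an empty list means 'looks physical'."""
    hits: list[str] = []
    if p.total_physical_memory < MIN_PHYSICAL_MEMORY_BYTES:
        hits.append("low_physical_memory")
    if p.cpu_max_clock_mhz < MIN_CPU_MHZ:
        hits.append("low_cpu_speed")
    for label, value in (("bios_version", p.bios_version),
                         ("manufacturer", p.manufacturer),
                         ("model", p.model)):
        upper = value.upper()          # case-insensitive substring match
        for needle in VM_STRINGS:
            if needle in upper:
                hits.append(f"{label}:{needle}")
    return hits


def would_abort(p: SystemProfile) -> bool:
    """The report says any hit makes the malware stop; mirror that decision."""
    return bool(vm_indicators(p))


# Constructed profiles: a stock VirtualBox guest and a sandbox whose
# firmware strings and sizing have been tuned to resemble a laptop.
STOCK_VIRTUALBOX = SystemProfile(
    total_physical_memory=2 * 1024 ** 3, cpu_max_clock_mhz=2400,
    bios_version="VirtualBox 1.2", manufacturer="innotek GmbH", model="VirtualBox")
TUNED_SANDBOX = SystemProfile(
    total_physical_memory=16 * 1024 ** 3, cpu_max_clock_mhz=3200,
    bios_version="N2HET45W (1.28 )", manufacturer="LENOVO", model="20T0S0KM00")

if __name__ == "__main__":
    for name, prof in (("stock VirtualBox", STOCK_VIRTUALBOX),
                       ("tuned sandbox", TUNED_SANDBOX)):
        print(f"{name}: indicators={vm_indicators(prof)} abort={would_abort(prof)}")
```

The stock VirtualBox profile fails on memory size and on the "VirtualBox" substring in both the BIOS version and the model string; the tuned profile produces no hits. For a real sandbox the same fields come from WMI or the registry rather than a dataclass, but the point is the same: if the sample kills itself, compare your guest's firmware and sizing against these indicators before assuming the binary is inert.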
Flesh Stealer targets the popular web browsers Chrome, Firefox, Brave, Edge, and Opera, taking cookies, saved credentials, and browsing history. It extends beyond browsers to chat applications such as Signal and Telegram: it does not break their transport encryption, but copies the databases and chat logs those clients store locally on the infected machine.
It also enumerates the Plug and Play (PnP) devices attached to the infected system and writes the list to a file named device.txt, and it runs the netsh command to dump saved Wi-Fi profiles and their credentials, including each network's authentication method and encryption settings.
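What the netsh step hands the stealer, and how to spot it in telemetry, as an added example (not CYFIRMA's code or the stealer's). The page says only that netsh is used; this example assumes the standard `netsh wlan show profile name="<SSID>" key=clear` invocation, parses constructed output in that command's layout into the fields the report says are harvested, and then scores constructed Sysmon-style process-creation events. The severity rule (console parent versus anything else) and the sample SSID, key, and paths are assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed output in the layout of
#   netsh wlan show profile name="CorpGuest" key=clear
# (English locale assumed; the SSID and key are invented).
SAMPLE_PROFILE_OUTPUT = """\
Profile CorpGuest on interface Wi-Fi:
=======================================================================

Applied: All User Profile

Connectivity settings
---------------------
    Name                   : CorpGuest
    SSID name              : "CorpGuest"

Security settings
-----------------
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Security key           : Present
    Key Content            : hunter2-guest-2024
"""


@dataclass
class WifiProfile:
    name: str
    authentication: str         # e.g. WPA2-Personal
    cipher: str                 # e.g. CCMP
    key_content: Optional[str]  # only printed when key=clear was requested


# One "Label : value" line per field the stealer is interested in.
_FIELD = re.compile(r"^\s*(Name|Authentication|Cipher|Key Content)\s*:\s*(.*?)\s*$", re.M)


def parse_netsh_profile(text: str) -> WifiProfile:
    fields = dict(_FIELD.findall(text))
    return WifiProfile(name=fields.get("Name", ""),
                       authentication=fields.get("Authentication", ""),
                       cipher=fields.get("Cipher", ""),
                       key_content=fields.get("Key Content"))


# --- Detection side: process-creation telemetry (Sysmon event 1 style) ----

@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


# Any netsh invocation that asks for a WLAN profile with the key in clear.
_KEY_DUMP = re.compile(r"\bwlan\b.*\bshow\b.*\bprofiles?\b.*\bkey\s*=\s*clear\b", re.I)
# Assumed baseline: an admin typing this into a console is plausible;
# a netsh child of some unknown binary in Temp is not.
INTERACTIVE_SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}


def classify(ev: ProcessEvent) -> Optional[str]:
    """Severity for a matching event, or None when it is not a key dump."""
    if not ev.image.lower().endswith("netsh.exe") or not _KEY_DUMP.search(ev.command_line):
        return None
    parent = ev.parent_image.rsplit("\\", 1)[-1].lower()
    return "medium" if parent in INTERACTIVE_SHELLS else "high"


def triage(events: list[ProcessEvent]) -> list[tuple[str, str]]:
    flagged = []
    for ev in events:
        sev = classify(ev)
        if sev is not None:
            flagged.append((sev, ev.command_line))
    return flagged


# Constructed events: the first and last are benign, the middle two fire.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\netsh.exe",
                 'netsh wlan show profiles'),
    ProcessEvent(r"C:\Users\bob\AppData\Local\Temp\update.exe", r"C:\Windows\System32\netsh.exe",
                 'netsh wlan show profile name="CorpGuest" key=clear'),
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\System32\netsh.exe",
                 'netsh wlan show profile name="Home" key=clear'),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
                 'notepad.exe key=clear.txt'),
]

if __name__ == "__main__":
    print(parse_netsh_profile(SAMPLE_PROFILE_OUTPUT))
    for sev, cmd in triage(SAMPLE_EVENTS):
        print(sev, cmd)
```

Listing profiles (`show profiles`) is routine and is deliberately not flagged; the signal is the `key=clear` switch, which is what turns a profile listing into a credential dump. Parent-process context only changes severity, not whether the event is reported, because a stealer can just as easily spawn netsh through cmd.exe.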
Flesh Stealer has been promoted on Discord, Telegram, and underground forums since August 2024.