CYFIRMA, a leader in cybersecurity research, has recently unveiled a troubling new threat in the form of an information-stealing malware named “SamsStealer.” This malware, a 32-bit Windows executable crafted in .NET, is adept at secretly extracting a range of sensitive data from victim systems. It specifically targets popular browsers and applications such as Discord, Chrome, and Microsoft Edge to pilfer passwords, cookies, and cryptocurrency wallet data.
Following data theft, SamsStealer compresses the information into a ZIP archive, uploads it to an online file-sharing platform, and sends the download link via Telegram to its controller. This malware’s stealth and comprehensive data extraction capabilities pose a grave threat to personal and organizational security.
SamsStealer casts a wide net, targeting a broad spectrum of applications and platforms to maximize its data collection potential. Popular browsers like Chrome, Microsoft Edge, and Firefox, along with communication platforms like Discord and Telegram, are all fair game. Even cryptocurrency wallets are not immune, as SamsStealer seeks to plunder valuable digital assets.
The stealer’s modus operandi involves a blend of stealth and efficiency. Leveraging asynchronous operations and concurrent processes, it swiftly gathers a trove of information, including passwords, cookies, session data, and cryptocurrency wallet credentials. For exfiltration, SamsStealer compresses the stolen data into a ZIP archive, uploads it to online file-sharing services, and discreetly delivers the download link to the attackers via Telegram.
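The three-stage chain described above (ZIP archive written, upload to a file-sharing host, then contact with the Telegram Bot API from the same process) is what a defender can correlate on. The following is an added detection example, not code from CYFIRMA’s report or from the malware; the telemetry events, process names and file-sharing hostnames are constructed placeholders, and the watchlist should be replaced with hosts from your own threat intelligence.

```python
"""Correlate endpoint telemetry for a SamsStealer-style exfiltration chain:
one process writes a .zip, connects to a file-sharing host, then connects to
api.telegram.org. Events here are constructed; field names are assumptions
that must be mapped onto your EDR or Sysmon schema."""
from collections import defaultdict

# Placeholder watchlist (assumption): fill from your own threat-intel feeds.
FILE_SHARING_HOSTS = {"filehost.example", "upload-cdn.example"}
TELEGRAM_API_HOST = "api.telegram.org"   # real Telegram Bot API endpoint

# Constructed telemetry: (timestamp_seconds, pid, event_type, detail)
SAMPLE_EVENTS = [
    (100, 4242, "process_start", r"C:\Users\u\AppData\Local\Temp\update.exe"),
    (101, 4242, "file_write",    r"C:\Users\u\AppData\Local\Temp\out.zip"),
    (102, 4242, "net_connect",   "filehost.example"),
    (103, 4242, "net_connect",   "api.telegram.org"),
    (105, 9001, "file_write",    r"C:\Users\u\Documents\backup.zip"),
    (106, 9001, "net_connect",   "onedrive.live.com"),   # benign: no Telegram
]


def detect_exfil_chain(events, window=60):
    """Return the PIDs whose events show, in order and within `window`
    seconds of the ZIP write: .zip written -> file-sharing host contacted
    -> Telegram API contacted. Order matters: a Telegram connection before
    the archive exists does not match."""
    by_pid = defaultdict(list)
    for ts, pid, etype, detail in sorted(events):
        by_pid[pid].append((ts, etype, detail))

    hits = []
    for pid, evs in by_pid.items():
        stage, start = 0, None   # 0: await zip, 1: zip seen, 2: upload seen
        for ts, etype, detail in evs:
            if stage == 0 and etype == "file_write" and detail.lower().endswith(".zip"):
                stage, start = 1, ts
            elif start is not None and ts - start > window:
                stage, start = 0, None      # chain went stale; start over
            elif stage == 1 and etype == "net_connect" and detail in FILE_SHARING_HOSTS:
                stage = 2
            elif stage == 2 and etype == "net_connect" and detail == TELEGRAM_API_HOST:
                hits.append(pid)
                break
    return hits


if __name__ == "__main__":
    print("suspicious PIDs:", detect_exfil_chain(SAMPLE_EVENTS))   # [4242]
```

A match is a triage lead rather than a verdict; the process image path and the archive contents should be pulled from the endpoint before concluding that credentials left the host.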
CYFIRMA’s analysis reveals that the latest version, V2, of SamsStealer has expanded its capabilities, targeting an additional seven browsers and enhancing its data exfiltration methods. While the malware’s authors disingenuously claim it’s intended for educational purposes, cybersecurity experts warn that such tools are frequently exploited by cybercriminals for malicious intent. The group behind SamsStealer appears to be based in South Asia, with users predominantly communicating in Hindi, suggesting a regional origin.
This revelation underscores the ever-growing threat posed by information stealers. These malicious tools are readily available on underground forums and channels, democratizing cybercrime and making it accessible even to novice hackers. The potential for substantial financial gain, coupled with the relative ease of use, makes them a lucrative and attractive option for both seasoned cybercriminals and aspiring threat actors.