WhiteSnake Stealer Evolves: This Malware Wants Your Passwords, Crypto, and More

Security researchers at SonicWall Capture Labs have uncovered a dangerous new variant of the WhiteSnake information stealer. This notorious malware is designed to plunder a vast range of sensitive data from infected machines, including passwords, browser history, cryptocurrency wallets, Wi-Fi credentials, and even screenshots and microphone recordings.

How WhiteSnake Operates

The updated WhiteSnake Stealer employs several stealthy tactics to avoid detection:

• Anti-Sandbox Tricks: It checks for the presence of virtual machines or sandbox environments, which are often used by security researchers. If detected, the malware will terminate to hinder analysis.
  

  Performing AntiVM check

• Under-the-Radar Execution Once installed, the WhiteSnake Stealer can be configured to maintain persistence, quietly restarting itself at regular intervals to continue its data theft.
  

  Stealer code for persistence and deleting itself

• Data Theft Arsenal: This new variant has a vast appetite for information, specifically targeting:
  • Web browser data (passwords, cookies, history, autofill information)
  • Cryptocurrency wallets and browser extensions
  • Email client data
  • System information (username, machine name, OS, hardware details)
  • Wi-Fi credentials

Remote Control Capabilities

Beyond passive data theft, WhiteSnake grants attackers sinister remote access capabilities. An infected machine can be remotely controlled, with attackers able to issue commands such as:

• Uninstall: The malware can remove itself, potentially covering its tracks.
• Screenshot, Webcam, Microphone: Capture screenshots, photos, and audio recordings from the infected device.
• File Manipulation: Compress files, download files, and list running processes – actions that can lead to broader data theft or installation of additional malware.
• Keylogging: Record a victim’s keystrokes, potentially exposing highly sensitive logins and communications.

The Growing Threat of Info Stealers

WhiteSnake is a potent example of a growing trend in malware. Attackers are increasingly focused on info stealers due to their versatility and profitability. Stolen data can be used directly for financial gain, sold on the dark web, or leveraged for further attacks like identity theft and corporate espionage.

How to Protect Yourself

• Be Vigilant with Downloads: Exercise extreme caution when downloading software or attachments. Stick to official app stores and trusted sources whenever possible.
• Maintain Software Updates: Operating systems, browsers, and software often receive security patches. Keep your devices up-to-date to defend against known vulnerabilities.
• Invest in Security Software: A reputable antivirus or anti-malware suite can provide an extra layer of protection, often detecting stealthy threats like info stealers.
• Be Wary of Unexpected Behavior: If your device starts acting strangely, such as excessive slowdowns or unexpected program crashes, be suspicious. These could be signs of malware activity.

The ever-evolving nature of malware like WhiteSnake underscores the importance of ongoing vigilance and proactive security practices. Staying updated on the latest threats and taking steps to protect your data is essential in today’s digital landscape.