The Juniper Threat Labs team noticed that the malware is closely related to Qulab Stealer (as an upgraded variant, or as a direct predecessor), and is written using AutoIt and compiled as a Windows executable. The malware is actively being advertised as a stealer and a clipper on hacking forums and is sold on a tiered basis, starting with a free version and going up to a "fully functional" version which comes with an $85 price tag.
Masad Stealer advertisement
# Masad Stealer infection chain and delivery
"The main distribution vectors of Masad Stealer are masquerading as a legitimate tool or bundling into third-party tools," Juniper found. The threat actors also infect victims through installers for different software and game cracks, cheats and aimbots, which indicates that the actors behind this malware don't mind using well-established infection vectors that have proven to be highly effective. Once it has been able to infect a computer, Masad Stealer begins to collect a variety of information from its victim, including system information, screenshots, text files on the desktop, Steam Desktop Authenticator sessions, browser cookies, usernames, passwords and credit card information.

Stolen data

The above screenshot is a capture of what Masad Stealer attempted to exfiltrate from a sandbox. But the data that it can exfiltrate can expand to the following list:
Stolen_info_complete

The malware also provides the ability to replace Monero, Bitcoin Cash, Litecoin, Neo and WebMoney cryptocurrency wallets automatically with those supplied by its operator. "When the clipboard data matches one of the patterns coded into Masad Stealer, the malware will replace the clipboard data with one of the wallets of the threat actor, which is also found in the binary," Juniper found. The malware also creates a scheduled task on all Windows systems it manages to compromise, allowing it to restart every minute if the victim finds and kills its process.
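The clipboard swap described above, seen from the detection side: an added example (not code from the Juniper report) that runs a clipper heuristic over a constructed clipboard-event log, flagging a wallet address that is replaced by a different address of the same type within a second. The address patterns, the one-second window and the sample events are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Wallet formats the report lists as clipper targets; the patterns are assumptions
# written for this example (Bitcoin Cash legacy addresses share the Bitcoin form).
WALLET_PATTERNS = {
    "bitcoin": re.compile(r"^(bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "litecoin": re.compile(r"^(ltc1[a-z0-9]{25,59}|[LM3][a-km-zA-HJ-NP-Z1-9]{26,33})$"),
    "monero": re.compile(r"^[48][1-9A-HJ-NP-Za-km-z]{94}$"),
    "neo": re.compile(r"^A[1-9A-HJ-NP-Za-km-z]{33}$"),
    "webmoney": re.compile(r"^[ZREUBGKXDH]\d{12}$"),
}

@dataclass
class ClipEvent:
    t: float   # seconds since the monitor started
    text: str  # clipboard contents after the change

def classify(text):
    """Return the wallet type a clipboard string looks like, or None."""
    for coin, pattern in WALLET_PATTERNS.items():
        if pattern.match(text.strip()):
            return coin
    return None

def find_clipper_swaps(events, window=1.0):
    """Flag an address replaced by a different same-type address within `window` seconds."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        coin = classify(prev.text)
        if coin and coin == classify(cur.text) and prev.text != cur.text \
                and cur.t - prev.t <= window:
            alerts.append((coin, prev.text, cur.text, round(cur.t - prev.t, 3)))
    return alerts

# Constructed clipboard log: a Monero address copied by the user and rewritten
# 200 ms later (the swap), then two Bitcoin addresses copied 35 s apart (benign).
USER_XMR = "4" + ("AdJ7wQx9kL2mN5pR" * 6)[:94]
SWAPPED_XMR = "8" + ("Zy3Bc6Fg1Hk4Mn7P" * 6)[:94]
SAMPLE_EVENTS = [
    ClipEvent(0.0, "meeting notes for Tuesday"),
    ClipEvent(5.0, USER_XMR),
    ClipEvent(5.2, SWAPPED_XMR),
    ClipEvent(40.0, "1AbCdEfGhJkMnPqRsTuVwXyZ23456789ab"),
    ClipEvent(75.0, "1ZyXwVuTsRqPnMkJhGfEdCbA98765432zy"),
]

if __name__ == "__main__":
    for alert in find_clipper_swaps(SAMPLE_EVENTS):
        print("possible clipper swap:", alert)
```

A real monitor would feed the same function from a clipboard-change hook; a user legitimately copying two addresses minutes apart does not trip the window.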
# Used in active campaigns
All collected information is zipped up with a 7zip executable bundled into the Masad Stealer binary, which exfiltrates the file to the command and control (C2) server using a unique Telegram bot ID. The Juniper Threat Labs team discovered that there are at least 18 threat actors or campaigns active in infecting potential victims with Masad Stealer, based on the number of distinct Telegram bot IDs and usernames. Some of the Masad Stealer samples reported so far may also drop other malware strains as executables with modified headers, including cryptominers and other info stealers, as Juniper found.
Dropping additional malware via TLS stream

"Juniper Threat Labs believes that Masad Stealer represents an active and ongoing threat. Command and Control bots are still alive and responding as of this writing, and the malware appears to still be available for purchase on the black market," concluded Juniper. At the end of the Juniper Masad Stealer report there is a list of indicators of compromise (IOCs) with malware hashes and domains used to distribute other malware.