SafeGuard Cyber, the leading provider of security and compliance solutions for today’s communication-based threats, is now able to detect the stealthy new info-stealer malware known as “Prynt Stealer.”
Prynt Stealer recently emerged as a powerful new info-stealer malware that can harvest user credentials and other important data from web browsers, messaging apps, VPNs, FTP applications and cryptocurrency wallets. The malware also contains a clipper tool for cryptocurrency payment theft, and a keylogger for ongoing theft of passwords and other key information from the victim’s machine, which could result in additional account compromises and other stolen information.
What Prynt Stealer Targets:
- Web browser data, including passwords, session cookies, autofill data, credit card information and search history. Stolen session cookies could also be used to target the web-based clients of business communication platforms. The malware affects Chrome-based, Firefox-based and MS Edge browsers.
- Messaging app passwords and other sensitive data, from apps including Telegram, Discord and Pidgin.
- VPN and FTP application account credentials.
- Cryptocurrency wallet configuration files and databases, which allow the malware to steal the cryptocurrency. The malware also contains a “clipper” for redirecting cryptocurrency payments to the attacker’s address.
- Gaming app authorization files.
Detecting Prynt Stealer:
Although the malware has several stealthy design features that make it difficult to detect, SafeGuard Cyber’s security technology platform is able to instantly detect Prynt Stealer, even when obfuscated, across 30 communication channels, including email, messaging apps like Telegram and collaboration channels.
SafeGuard Cyber’s patented Natural Language Understanding technology also detects the social engineering language threat actors will use to distribute this and other types of malware in the initial phishing attack, whether it occurs over email, messaging apps or business communication platforms like Slack.
Threats to Business Communication Channels:
SafeGuard Cyber’s D7 Threat Intelligence Unit also warns that threat actors could use Prynt Stealer to directly target employee accounts on business communication platforms like Slack, as many of these applications have a web-based client. Attackers have a history of using stolen session cookies to infiltrate communication channels, as in the 2021 EA breach.
Attackers could also use Prynt Stealer to move laterally within an organization, after the initial compromise, by propagating the malware in these trusted communications channels. This would allow a threat actor to shift the attack from an individual compromise to an enterprise-wide attack.
For organizations that would like more information about the risks Prynt Stealer poses to business communication channels and messaging apps, read SafeGuard Cyber’s online explainer, “Prynt Stealer Malware Targets Messaging Apps.”