Multiple threat actors have adopted ‘SapphireStealer’ since the information thief’s source code was published on GitHub, according to Cisco Talos security researchers.
The information thief, which is written in.NET, can gather system data (including IP address, hostname, screen resolution, OS version, CPU and GPU information), screenshots, files with particular extensions, and cached browser credentials.
The threat was seen attempting to kill the processes of Chrome, Yandex, Edge, and Opera. Additionally, the malware looks for credential databases linked to 16 different browsers, such as Chrome, Edge, Brave, Opera, Comodo, and Yandex.
In order to prepare the harvested data for exfiltration, SapphireStealer dumps it into a working directory and creates a subdirectory to gather victim files.
Read More: Threat Actors Adopt, Modify Open Source ‘SapphireStealer’ Information Stealer
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.