Bandit Stealer: A New Malware Targeting Crypto Wallets And Web Browsers

Published by Shipra Sanganeria on May 31, 2023

Cybersecurity researchers have discovered Bandit Stealer, a new malware that can target multiple web browsers and cryptocurrency wallets. At present, its focus is Windows, but the malware has the potential to target other platforms because it is written in the versatile Go programming language, reports Trend Micro.

To infect a Windows device, it uses runas.exe, a command-line utility that allows users to execute programs as another user with different permissions. This helps it gain administrative access and bypass security measures in order to collect the user's personal data.

However, the malware has been failing in its attempts to use this tool. Microsoft's strict access control mitigation prevents unauthorized use of this function, as appropriate credentials are required to execute administrative-level actions. "Bandit Stealer is not successful in utilizing it because they need to provide the appropriate credentials," stated Trend Micro.

Bandit Stealer checks whether it is running in a sandbox, test, or virtual environment. To do this, it downloads a blacklist that contains hardware IDs, IP addresses, MAC addresses, usernames, hostnames, and process names. Once this check is complete, the malware terminates the blacklisted processes associated with anti-malware solutions. This helps it avoid detection on an infected machine.

The malware also establishes persistence by creating a registry entry for autorun in Windows. With this modification in place, Bandit Stealer starts collecting sensitive personal data from the targeted system, including IP location, system configuration, country code, and stored financial information from browsers and crypto wallets. It can also access the user's Telegram account to perform malicious activities such as impersonation.
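For defenders, the two behaviours described above (a process launching runas.exe and the same process writing an autorun registry entry) are more telling together than alone. The following is an added example, not code from the article or from Trend Micro. The event field names, the autorun key paths, the 10-minute window, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Common Windows autorun locations (assumption: the article does not name the key).
AUTORUN_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample events; field names are hypothetical, not a real log schema.
SAMPLE_EVENTS = [
    {"ts": "2023-05-31T10:00:01", "type": "process_create",
     "parent": r"C:\Users\alice\Downloads\setup_free.exe",
     "image": r"C:\Windows\System32\runas.exe"},
    {"ts": "2023-05-31T10:00:09", "type": "registry_set",
     "actor": r"C:\Users\alice\Downloads\setup_free.exe",
     "key": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater"},
    {"ts": "2023-05-31T11:30:00", "type": "process_create",  # benign: user-driven runas
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\runas.exe"},
    {"ts": "2023-05-31T12:00:00", "type": "registry_set",    # benign: installer autorun
     "actor": r"C:\Program Files\Vendor\app.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "VendorApp"},
]

def is_autorun_key(key):
    """True if the registry key path ends in one of the autorun locations."""
    return key.lower().rstrip("\\").endswith(AUTORUN_SUFFIXES)

def correlate(events, window=WINDOW):
    """Return (process, runas_time, registry_time) for every process that both
    spawned runas.exe and wrote an autorun value within `window` of each other."""
    runas, autorun = defaultdict(list), defaultdict(list)
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "process_create" and ev["image"].lower().endswith("\\runas.exe"):
            runas[ev["parent"].lower()].append(ts)
        elif ev["type"] == "registry_set" and is_autorun_key(ev["key"]):
            autorun[ev["actor"].lower()].append(ts)
    hits = []
    for proc in runas.keys() & autorun.keys():  # processes showing both behaviours
        for r in runas[proc]:
            for a in autorun[proc]:
                if abs(a - r) <= window:
                    hits.append((proc, r.isoformat(), a.isoformat()))
    return sorted(hits)

if __name__ == "__main__":
    for hit in correlate(SAMPLE_EVENTS):
        print("suspicious:", hit)
```

Only the downloaded installer in the sample is flagged; the interactive runas.exe launch from explorer.exe and the vendor autorun entry each show one behaviour and are left alone.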

Users can end up downloading this malware through attachments in phishing emails, fake installers, or visits to malicious websites.

Researchers at Trend Micro have not associated any threat group with this malware on account of "its recent emergence and limited data on its operation". However, they believe that threat actors can use this malware to carry out identity theft, data breaches, and other malicious activities.
