The Top 3 Dark Web Trends in 2024 [VIDEO]
Learn how to automate financial risk reports using AI and news data with this guide for product managers, featuring tools from Webz.io and OpenAI.
Infostealers and the stealer logs they produce continue to pose a significant risk to individuals and organizations alike. The malware is designed to extract sensitive credentials such as passwords, wallets, and device information, which is later distributed as a stealer log across Telegram channels, datastores and dark web forums alike.
Through our constant monitoring of the deep and dark web, we identified a a previously undocumented infostealer. This new infostealer is distributing uniquely structured logs on the popular datastore Russian Market.
This blog provides an analysis of the stealer log extracted by this infostealer, while trying to focus on the information leaked and identifying compromised systems.
We first detected this stealer on the datastore Russian Market, where over the course of about a week over 4k logs were uploaded to the website. It seems as if this infostealer targets Windows systems.
Like most infostealers, Acreed seeks to extract user information, cookies, passwords, wallets and more. Unlike other stealer log files, this stealer provides a JSON file that outlines the amount of files gathered from each type:
The stealer log itself contains a few JSON files and folders. Among them are the pc_info.json file which details the main information about the infected device, a password.text file containing URL, logins and passwords and a folder containing cookie files.
From the observed samples, this infostealer extracts detailed system information including HWID, device and network IPs, username, as well as installed software and their version. The stealer log also provides an indication if the user has admin permissions, which can drastically increase the severity of the incident.
We also observed stolen credentials from almost all of the major browsers like Chrome, Edge and Firefox. The password files contain usernames and passwords from social media sites, email providers, steaming services and more. On top of that this file contains local network credentials, allowing deeper network access, as well as a possible synchronization with a mobile device due to the presence of android related credentials. Furthermore, cookies were also extracted from said browsers across various different types of websites such as Google and Microsoft services.
Both the cookies and passwords can be used maliciously to abuse online payments, gain unauthorized access to accounts, and ultimately, account takeover.
While the samples themselves were quite scarce, we can deduce from the log_info file provided in the log that the malware does have the potential to extract additional data such as wallets and credit cards.
The infostealer threat is greater than ever. While we have covered the top infostealers before, it is undeniable that new malware enters the field frequently. Without proper monitoring of the latest threats, your information might be exposed in an easily accessible stealer log and abused to execute attacks.
This risk can be minimized by using a dark web monitoring tool like Lunar, and actively using the data provided to mitigate the threat. To ensure maximum security for you and your data, enhance general security measures and increase awareness of scam messages and phishing.
Learn how to automate financial risk reports using AI and news data with this guide for product managers, featuring tools from Webz.io and OpenAI.
In this edition we dived into the dark web with Hagar Margolin, our top Cyber Analyst, to uncover how cybercriminals are using ChatGPT, Open AI's ChatBot that has taken the world by storm.
Watch our cyber team share their key insights from their investigations into the biggest dark web trends in 2022.