The arms race between cyber defenders and attackers is becoming increasingly intense in the ever-changing cybersecurity landscape.
Beyond the conventional concerns of viruses, spyware, and phishing scams, there is a more malicious and sophisticated threat: stealer logs. Cybercriminals are constantly refining their arsenals to penetrate personal and corporate defenses, with stealer logs and info stealers emerging as front-line weaponry. These sophisticated tools have transformed phishing attempts into extremely efficient schemes for mass data extraction.
Stealer Logs Defined
Infostealers and stealer logs are malicious software tools that steal sensitive data from infected computers. Passwords, credit card numbers, and other sensitive information kept on an infected device are the primary targets of info stealers.
They can collect this information in various ways, including logging keystrokes, taking screenshots, and directly accessing files and system information. Stealer logs, on the other hand, are extensive records generated by such malware that document the stolen data before it is forwarded to a remote server controlled by the attacker.
These technologies pose a serious threat to the cyber landscape because they allow cybercriminals to use illicitly obtained information to perpetrate fraud, identity theft, and targeted phishing assaults.
Infostealers’ ability to disguise themselves is particularly pernicious. Such malware successfully eludes detection by posing as ordinary PDFs, embedding themselves within legitimate-looking websites, or hiding in JPG files.
To avoid detection by antivirus products like Windows Defender, cybercriminals typically use crypters—software that encrypts, obfuscates, and manipulates malware. Infostealers pose a strong threat to the cyber landscape due to their level of deceit and complexity, allowing attackers to perpetrate fraud identity theft, and start sophisticated phishing campaigns using stolen information.
Case Study: Hospitality Industry Targeted
Findings
The researchers at Bolster found a pattern on the CheckPhish platform, indicating a surge in phishing websites for multiple significant brand travel and hospitality brands.
The fake domains mostly had keywords like “confirmation”, “transaction”, “guest”, “verification”, “query”, and ”secure”. The keywords were mainly attached with the brand name using “.” and “-” to register and create phishing websites.
Methodology
Step 1: Infostealer Execution
The attacker executes the infostealer on the hotel’s system, acquiring access to communicate with actual customers. Usually, customers are instructed to use official communication means, but this is worthless because the attacker may now have access to the official sites.
Step 2: Victim Acquisition
With trusted access, the attacker sends the victim a professional and urgent message that resembles authentic hotel contact. The message appears authentic because it is sent via the booking site’s messaging platform and includes a link for additional card verification to avoid booking cancellation.
Sometimes, similar-looking websites related to legitimate brands are used to share communication with the customers.
Step 3: Trapping the victim and getting data
The victim, hoping to secure their reservation, opens the link, which launches an executable encoded in a complicated JavaScript Base64 script. S
everal security validations are implemented as anti-analysis approaches. Successful validation takes the user to a phishing site masquerading as a brand’s payment page, which requests credit card information.
A smart-chat support channel often boosts the scam’s legitimacy, duping the victim into disclosing critical information.
Profiling the attacker
Bolster’s researchers identified MrAnon Stealer as being used to target the travel and hospitality sectors. Similarly, multiple HTML files were found during the investigation. The IOC’s are mentioned below:
MITRE ATT&CK
Understanding the tactics and techniques is critical for creating strong security measures and preventing potential threats. The Mitre heatmap and TTP for MrAnon Stealer are given below:
Impact & Mitigation of Stealer Logs
Conclusion: Protect Your Business, and Consumers, from Stealer Logs
Although advantageous, the fast transition to digital platforms provides fertile ground for cybercriminals skilled at exploiting holes for stealer log assaults. These sophisticated technologies are intended to secretly extract sensitive data, posing significant hazards to individuals and enterprises.
Stealer logs are a more subtle type of danger, gathering and transferring personal and financial information undetected, circumventing typical security procedures.
Proactive research and vigilant monitoring are critical in detecting and countering the activities of individuals who use stealer logs, especially with the introduction of novel attack vectors. Our findings highlight the significance of ongoing attention and the development of proactive solutions to combat these dangers.
Bolster’s AI-security anti-phishing and domain monitoring technology protects your business from evolving phishing threats. With continuous scanning technology and trained LLMs that quickly identifies threats and misuse of your branded assets, you can trust Bolster will protect your business.
See Bolster in action when you request a demo.
Appendix
