New malware has surfaced online that offers numerous capabilities attractive to criminal hackers. Identified as Jester Stealer, the malware has evolved into a potent infostealer.
About Jester Stealer Malware
As Cyble Research Labs elaborated in their post, Jester Stealer malware typically aims at stealing important information, such as credentials, banking information/card details, cookies, crypto wallet addresses, and the like. Upon reaching the target device, the malware starts exfiltrating all of this data to the threat actors.
While that is something every infostealer would do, Jester Stealer stands out for additional capabilities that make it more dangerous.
For instance, it encrypts its connections with AES-CBC-256, relays stolen logs through Telegram bots, and hosts its servers on the Tor network. Moreover, it collects logs quickly in memory before exfiltration, without writing them to disk.
The malware has various apps on its target list to steal the required data, including common messenger apps (like Signal, WhatsApp, Discord), email clients (such as Thunderbird), crypto wallets, password managers, and gaming software, and of course, web browsers.
It then attempts to upload the stolen data to its Tor servers; if that fails, Jester Stealer falls back to uploading the data to AnonFiles as an archive file.
Once the exfiltration completes, the malware deletes itself from the infected system.
Apart from its data-stealing capabilities, Jester Stealer also exhibits anti-VM and anti-sandbox features. These evasion capabilities make Jester Stealer attractive to criminal hackers, and it is gaining popularity on underground forums.
The malware has also undergone numerous revisions; the latest variant is its seventh update, which shows how actively its authors are developing Jester Stealer into a potent malicious tool.
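The exfiltration chain described above (Tor upload attempt, AnonFiles fallback, self-deletion) lends itself to a simple behavioural detection. The following is an added example, not code from the article or from Cyble Research Labs: it correlates constructed endpoint telemetry per process and flags any process that walks through two or more of those stages. The telemetry line format (timestamp, pid, event kind, detail) is an assumption for the example.

```python
"""Flag processes whose behaviour matches the Jester Stealer exfiltration chain."""
import re
from collections import defaultdict

# Constructed sample telemetry (not real logs). Fields: ts pid event detail
SAMPLE_EVENTS = """\
10:00:01 4120 net_connect 203.0.113.10:443 status=ok
10:00:02 4120 net_connect abcdefghijklmnop.onion:443 status=failed
10:00:03 4120 net_connect anonfiles.com:443 status=ok
10:00:04 4120 file_delete C:\\Users\\Public\\update.exe self=true
10:01:00 5577 net_connect example.org:443 status=ok
10:01:01 5577 file_delete C:\\Temp\\cache.tmp self=false
"""

# v2 (16 chars) and v3 (56 chars) onion addresses are base32 [a-z2-7]
ONION_RE = re.compile(r"\b[a-z2-7]{16,56}\.onion\b")


def parse_events(text):
    """Split each telemetry line into a dict; the detail field may contain spaces."""
    events = []
    for line in text.splitlines():
        ts, pid, kind, detail = line.split(" ", 3)
        events.append({"ts": ts, "pid": int(pid), "kind": kind, "detail": detail})
    return events


def score_process(events):
    """Return the chain stages one process hit, in the order the article describes."""
    stages = []
    for e in events:
        d = e["detail"]
        if e["kind"] == "net_connect" and ONION_RE.search(d):
            stages.append("tor_upload_attempt")
        # AnonFiles only counts as the fallback if a Tor attempt preceded it
        elif e["kind"] == "net_connect" and "anonfiles.com" in d and "tor_upload_attempt" in stages:
            stages.append("anonfiles_fallback")
        elif e["kind"] == "file_delete" and "self=true" in d:
            stages.append("self_delete")
    return stages


def find_jester_like_chains(text, min_stages=2):
    """Map pid -> stages for every process that hit at least min_stages of the chain."""
    by_pid = defaultdict(list)
    for e in parse_events(text):
        by_pid[e["pid"]].append(e)
    return {pid: s for pid, evs in by_pid.items() if len(s := score_process(evs)) >= min_stages}


if __name__ == "__main__":
    for pid, stages in find_jester_like_chains(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {' -> '.join(stages)}")
```

On real telemetry the same correlation would be keyed on process identity from the EDR or Sysmon source rather than a bare pid.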
Stay Vigilant
For end users, the researchers advise avoiding clicking on links in emails, avoiding torrent downloads, keeping systems protected with a robust, up-to-date anti-malware solution, blocking malicious URLs, practising good password hygiene, and enabling automatic updates for system software and apps.
Organizations should train staff on cybersecurity risks to avoid incidents of this kind, which can have severe consequences.