An updated version of the ObserverStealer known as AsukaStealer was observed to be advertised as malware-as-a-service that was capable of collecting data from desktop screenshots, Steam Desktop Authenticator application, FileZilla sessions, Telegram sessions, Discord tokens, browser extensions, and cryptocurrency wallets.
This year, on a Russian-language forum, the threat actor advertised AsukaStealer as a MaaS (Malware-as-a-service), providing an extensive list of features meant to steal confidential data from the targets.
AsukaStealer malware is written in C++ and has flexible options and a web-based control panel. The malware authors or developers used the same C&C infrastructure to host AsukaStealer and ObserverStealer.
Cyble Research & Intelligence Labs (CRIL) discovered a malware-as-a-service (MaaS) known as “AsukaStealer” on February 2, 2024.
The malware was sold on a Russian-language cybercrime forum, with the web panel version 0.9.7 being offered for USD 80 per month.
On January 24, 2024, the AsukaStealer was marketed on another famous Russian forum under an alternate pseudonym.
The stealer had certain noteworthy features, such as:
Functional features:
Configuration setup:
Multiple files that were interacting with the IP address “5.42.66.25” were discovered by researchers; VirusTotal had identified and flagged these files as ObserverStealer.
The AsukaStealer and ObserverStealer’s C&C panels have remarkably similar features.
The promoters of AsukaStealer MaaS also announced the termination of MaaS activities for ObserverStealer, which researchers noticed during the study in July 2023.
This suggests that the same threat actors created and managed both stealer malware.
Notably, this threat was classified by Symantec as File-based (Infostealer Trojan.Gen.MBT), Machine Learning-based (Heur.AdvML.B), and Web-based.
All products with WebPulse enabled covered the observed domains and IPs under security categories.
“Threat actors who are proficient in malware development and capable of hosting a sizable C&C infrastructure, continue to seize opportunities to offer malware-as-a-service (MaaS) to cater to underground communities and make profits within a short period of time”, researchers said.
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…