Friday, June 21, 2024

Hacker Selling Powerful SquirtDanger Malware in Underground Market that Take’s Screenshot, Steal Wallets & Browser Passwords

Newly discovered botnet malware called SquirtDanger is widely Distributing, selling, and trading in the global underground market and infect the victims to steal the sensitive information.

This Malware was created by the well-known Russian cybercriminal “TheBottle” who is actively creating dangerous malware families and selling it to underground forums.

Beside of this  SquirtDanger investigation, TheBottle creating several malware families, including Odysseus Project, Evrial, Ovidiu Stealer, and several others.

SquirtDanger is heavily obfusticated malware family that is written in C# (C Sharp) and has multiple layers of embedded code.

SquirtDanger Malware has an ability to perform following Malicious Activities.

  • Take screenshots
  • Delete malware
  • Send file
  • Clear browser cookies
  • List processes
  • Kill process
  • List drives
  • Get directory information
  • Download file
  • Upload file
  • Delete file
  • Steal wallets
  • Steal browser passwords
  • Swap identified wallets in the victim’s clipboard
  • Execute file

This Malware ability to steal Passwords from Chrome, Firefox, Yandex Browser, Kometa, Amigo, Torch, Opera.

Also has the ability to seek out wallets for various cryptocurrencies such as Litecoin, Bitcoin, Bytecoin, Dash, Electrum Ethereum, Monero.

The Malware coder “TheBottle” has placed this malware code in GitHub repository and that was confirmed by the Paloalto researchers based on the investigation.

Hackers Telegram Channel

A Group of Cyber Criminals are actively contributing to the most dangerous cyber crimes such as coordinating attacks, developing malicious code, and trading/selling access to several different botnets and builders.

A Telegram channel exposing A group of  900 individuals are helping each other for various cyber attacks most of whom appear to be Russian.

Also, this telegram group appears to be some interesting prolific actors who have developed most sophisticated Malware and selling into underground markets.

SquirtDanger Malware Infection Process

This Malware distributing as SquirtDanger.dll and Written in  C# (C Sharp) language to infect the target Victims and it schedules a task to run each and every min on the compromised computer.

According to PaloAlto Networks Investigation ,Once the installation phase has completed and the malware is found to be executed from the correct location, a new mutex will be created to ensure only one instance of the malware is run at a given time. The following two mutexes have been observed across all analyzed samplesOmagarable
  • Aweasome
  • DendiBotnet

Later SquirtDanger establish a communication over 119 unique C2 servers that were geographical to share the stolen data into malware author, at the same time it will attempt to obtain a list of additional modules to install.


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles