Monday, May 19, 2025
HomeComputer SecurityHacker Selling Powerful SquirtDanger Malware in Underground Market that Take's Screenshot, Steal...

Hacker Selling Powerful SquirtDanger Malware in Underground Market that Take’s Screenshot, Steal Wallets & Browser Passwords

Published on

SIEM as a Service

Follow Us on Google News

Newly discovered botnet malware called SquirtDanger is widely Distributing, selling, and trading in the global underground market and infect the victims to steal the sensitive information.

This Malware was created by the well-known Russian cybercriminal “TheBottle” who is actively creating dangerous malware families and selling it to underground forums.

Beside of this  SquirtDanger investigation, TheBottle creating several malware families, including Odysseus Project, Evrial, Ovidiu Stealer, and several others.

- Advertisement - Google News

SquirtDanger is heavily obfusticated malware family that is written in C# (C Sharp) and has multiple layers of embedded code.

SquirtDanger Malware has an ability to perform following Malicious Activities.

  • Take screenshots
  • Delete malware
  • Send file
  • Clear browser cookies
  • List processes
  • Kill process
  • List drives
  • Get directory information
  • Download file
  • Upload file
  • Delete file
  • Steal wallets
  • Steal browser passwords
  • Swap identified wallets in the victim’s clipboard
  • Execute file

This Malware ability to steal Passwords from Chrome, Firefox, Yandex Browser, Kometa, Amigo, Torch, Opera.

Also has the ability to seek out wallets for various cryptocurrencies such as Litecoin, Bitcoin, Bytecoin, Dash, Electrum Ethereum, Monero.

The Malware coder “TheBottle” has placed this malware code in GitHub repository and that was confirmed by the Paloalto researchers based on the investigation.

Hackers Telegram Channel

A Group of Cyber Criminals are actively contributing to the most dangerous cyber crimes such as coordinating attacks, developing malicious code, and trading/selling access to several different botnets and builders.

A Telegram channel exposing A group of  900 individuals are helping each other for various cyber attacks most of whom appear to be Russian.

Also, this telegram group appears to be some interesting prolific actors who have developed most sophisticated Malware and selling into underground markets.

SquirtDanger Malware Infection Process

This Malware distributing as SquirtDanger.dll and Written in  C# (C Sharp) language to infect the target Victims and it schedules a task to run each and every min on the compromised computer.

According to PaloAlto Networks Investigation ,Once the installation phase has completed and the malware is found to be executed from the correct location, a new mutex will be created to ensure only one instance of the malware is run at a given time. The following two mutexes have been observed across all analyzed samplesOmagarable
  • Aweasome
  • DendiBotnet

Later SquirtDanger establish a communication over 119 unique C2 servers that were geographical to share the stolen data into malware author, at the same time it will attempt to obtain a list of additional modules to install.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Printer Company Distributes Malicious Drivers Infected with XRed Malware

Procolored, a printer manufacturing company, has been found distributing software drivers infected with malicious...

Frigidstealer Malware Targets macOS Users to Harvest Login Credentials

An macOS users, a new information-stealing malware dubbed FrigidStealer has emerged as a formidable...

SSH Auth Key Reuse Uncovers Advanced Targeted Phishing Campaign

A meticulously orchestrated phishing campaign targeting Kuwait's fisheries, telecommunications, and insurance sectors has been...