Saturday, June 15, 2024

Serpent Stealer Acquires Browser Passwords and Erases Intrusion Logs

Beneath the surface of the cyber realm, a silent menace emerges—crafted with the precision of the .NET framework, the Serpent Stealer slithers undetected through security measures, leaving traces of its intrusion

Researchers at K7 Labs have analyzed the malware called “serpent.” This malware can bypass several security measures implemented in Windows, such as User Access Control (UAC), debuggers, and virtual machines.

It can also steal sensitive data, including browser data and passwords, and exfiltrate it using Webhooks and Discord abuse.

This information is significant for individuals and organizations looking to protect their systems from potential cyber threats.

Dive into the realm of a 64-bit portable executable, discreetly infiltrating systems with unparalleled stealth.

Witness the Serpent Stealer’s insidious data harvesting prowess. 

Like a digital plunderer, it raids Google Chrome’s autofill data, extracting personal details for potential identity theft. 

Delving further, it uncovers the user’s online history, a treasure trove revealing vulnerabilities and patterns ripe for exploitation.

The Webhook Courier of Stolen Secrets

Embark on a journey through the Serpent Stealer’s clandestine transmission route. 

Utilizing Discord webhooks, this digital courier discreetly ferries stolen data to the attacker’s command-and-control server, ensuring a seamless exchange of pilfered secrets, reads the report.

Explore the Serpent Stealer’s insatiable appetite for passwords. 

Beyond browsers, it infiltrates crypto wallets and gaming platforms, seeking to unearth login credentials that unlock doors to valuable assets, perpetuating its unrelenting data heist.

UAC Ballet

Uncover the sophisticated dance of evasion orchestrated by the Serpent Stealer. With a UAC bypass mechanism, it sidesteps Windows’ User Account Control safeguards, operating with elevated privileges and rendering security barriers powerless in its quest for sensitive data.

Peer into the Serpent Stealer’s utilization of Fodhelper.exe, a legitimate Windows component. 

Exploiting this trusted tool, the malware executes commands with administrative privileges, effectively disabling security barriers and perpetuating its stealthy presence.

IOCs

HashDetection name
e97868c8431ccd922dea3dfb50f7e0b5Password-Stealer  (005ac0721 )
a3c4785a011c350839669b8e73c823f5Password-Stealer (005ac0721 )
Website

Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles