Threat Actors Selling Nunu Stealer On Hacker Forums

A new malware variant called Nunu Stealer is making headlines after being advertised on underground hacker forums and Telegram channels.

Priced at $100 per month, this malicious tool is gaining attention for its extensive capabilities and potential to wreak havoc on individuals and organizations alike.

According to a post shared by a ThreatMon on X, the malware is optimized to extract sensitive data from a variety of sources, making it a highly lucrative tool for cybercriminals.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Features of Nunu Stealer

Here are some notable features that make Nunu Stealer particularly dangerous:

1. Browser Data Theft
   The malware is designed to target Chromium- and Firefox-based browsers, where it can siphon critical information such as saved passwords, cookies, browsing history, and even stored payment card details.
2. Targeted Application Logins
   In addition to browsers, Nunu Stealer can compromise login credentials for popular applications such as Telegram, Riot Games, Epic Games, and Steam. This capability allows attackers to hijack accounts and potentially exploit them for financial gain or further attacks.
3. Cryptocurrency Wallet Theft
   Nunu Stealer is also tailored to steal information from cryptocurrency wallets, including Exodus, Atomic, and Electrum. With the popularity of digital currencies soaring, this feature poses a significant threat to crypto users.
4. “Full Undetected” Claim
   The malware’s creators boast that it is “Full Undetected,” claiming a 0/71 detection rate on antivirus platforms. If true, this would allow the malware to bypass most traditional security solutions, making it even harder to identify and mitigate.

The relatively low price of $100 per month significantly lowers the barrier for entry, enabling even inexperienced cybercriminals to access such advanced tools.

The trend of selling malware-as-a-service (MaaS), as seen with Nunu Stealer, continues to grow, creating new challenges for cybersecurity professionals and organizations worldwide.

To guard against threats like Nunu Stealer, experts recommend:

• Regularly updating software and antivirus solutions.
• Avoiding suspicious links and downloads.
• Implementing multi-factor authentication (MFA) for sensitive accounts.
• Monitoring network activity for anomalous behavior.

As threat actors become more sophisticated, raising awareness about such malware is critical. Organizations must adopt proactive cybersecurity measures to stay one step ahead in this ever-changing landscape.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide