TLDR:
- Samstealer is actively attacking Windows systems to steal sensitive data.
- The malware targets browsers, applications, and cryptocurrency wallets to steal passwords and other information.
Cybersecurity researchers at CYFIRMA have recently identified a new .NET malware named “Samstealer” that targets Windows systems to steal sensitive data. The malware is distributed through Telegram and harvests passwords, cookies, and other data from browsers such as Chrome and Edge, as well as from cryptocurrency wallets. The collected data is staged in a temporary folder and packaged into files for exfiltration.
The wallets it targets include Bitcoin, Zcash, Armory, Bytecoin, Jaxx, Exodus, Ethereum, Electrum, AtomicWallet, Guarda, Coinomi, and others. Once collection is complete, Samstealer packs the staged data into a “Backup.zip” archive, clears the temporary files and removes their parent directory, then uploads the archive to gofile.io and shares the resulting download link via Telegram.
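The staging-and-exfiltration chain described above (an archive named Backup.zip written under a temp folder by a process that then talks to gofile.io and Telegram) is a behavioural pattern a defender can hunt for without relying on file hashes. The script below is an added example written for this page, not CYFIRMA's or the malware's code. It correlates simplified Sysmon-style events (Event ID 1 ProcessCreate, 11 FileCreate, 3 NetworkConnect, with Sysmon's field names) per ProcessGuid. The sample events are constructed, the exfil domain list and the assumption that gofile.io uploads go to a per-request subdomain are my own, and a real deployment would feed it parsed EVTX/JSON telemetry instead of the inline list.

```python
"""Correlate simplified Sysmon-style events for the chain described above:
stage a Backup.zip in a temp folder, then connect to gofile.io / Telegram.
Added example for this page; not CYFIRMA's or the malware author's code."""
from collections import defaultdict

# Registered domains on the exfil path described in the article. The gofile.io
# upload host is assumed to be a per-request subdomain (e.g. storeN.gofile.io),
# so it is suffix-matched; adjust to what your own DNS logs show.
EXFIL_DOMAINS = ("gofile.io", "api.telegram.org")

# Path fragments that identify the per-user and system temp folders.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def is_temp_path(path: str) -> bool:
    p = path.lower()
    return any(m in p for m in TEMP_MARKERS)


def is_exfil_host(host: str) -> bool:
    """True for an exfil domain or any subdomain of it (not for look-alikes)."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in EXFIL_DOMAINS)


def correlate(events):
    """Group events by ProcessGuid and return {guid: finding} for every process
    that creates Backup.zip under a temp path. Severity is "high" when the same
    process also connects to an exfil domain, "low" when it only stages."""
    state = defaultdict(lambda: {"image": None, "staged_zip": None, "exfil_hosts": []})
    for ev in events:
        s = state[ev["ProcessGuid"]]
        eid = ev["EventID"]
        if eid == 1:  # ProcessCreate: remember the image for reporting
            s["image"] = ev["Image"]
        elif eid == 11:  # FileCreate: look for the staged archive
            target = ev["TargetFilename"]
            if target.lower().endswith("\\backup.zip") and is_temp_path(target):
                s["staged_zip"] = target
        elif eid == 3 and is_exfil_host(ev.get("DestinationHostname", "")):
            s["exfil_hosts"].append(ev["DestinationHostname"])  # NetworkConnect

    findings = {}
    for guid, s in state.items():
        if not s["staged_zip"]:
            continue  # no archive, or Backup.zip outside temp: ignore
        findings[guid] = {
            "image": s["image"],
            "staged_zip": s["staged_zip"],
            "exfil_hosts": s["exfil_hosts"],
            "severity": "high" if s["exfil_hosts"] else "low",
        }
    return findings


# Constructed sample telemetry (not real logs), trimmed to the fields the
# detection uses. Process A behaves as the article describes; B is a user
# zipping files on another drive; C stages Backup.zip in temp but never exfils.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A}", "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\updater.exe"},
    {"EventID": 11, "ProcessGuid": "{A}", "TargetFilename": "C:\\Users\\u\\AppData\\Local\\Temp\\stage\\Chrome_Passwords.txt"},
    {"EventID": 11, "ProcessGuid": "{A}", "TargetFilename": "C:\\Users\\u\\AppData\\Local\\Temp\\Backup.zip"},
    {"EventID": 3, "ProcessGuid": "{A}", "DestinationHostname": "store3.gofile.io", "DestinationPort": 443},
    {"EventID": 3, "ProcessGuid": "{A}", "DestinationHostname": "api.telegram.org", "DestinationPort": 443},
    {"EventID": 1, "ProcessGuid": "{B}", "Image": "C:\\Program Files\\7-Zip\\7zFM.exe"},
    {"EventID": 11, "ProcessGuid": "{B}", "TargetFilename": "D:\\Archive\\Backup.zip"},
    {"EventID": 1, "ProcessGuid": "{C}", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
    {"EventID": 11, "ProcessGuid": "{C}", "TargetFilename": "C:\\Windows\\Temp\\Backup.zip"},
]

if __name__ == "__main__":
    for guid, f in correlate(SAMPLE_EVENTS).items():
        print(guid, f["severity"], f["image"], f["exfil_hosts"])
```

Two practical caveats. Sysmon fills DestinationHostname in Event ID 3 from a reverse lookup and it is frequently empty, so in production pair this with Event ID 22 (DNS query) on the same ProcessGuid rather than trusting the NetworkConnect hostname alone. And the archive name is the cheapest thing for the operator to change; the durable part of the signature is a process writing an archive in a temp folder and then contacting a file-sharing host and the Telegram API in quick succession.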
Defenders should track emerging threats like Samstealer so they can adjust their controls and stop intrusions that would compromise privacy and lead to data breaches. Recommendations include:
- deploying advanced endpoint security and robust antivirus/anti-malware software;
- regularly updating operating systems and security software;
- implementing network segmentation;
- training employees to recognise phishing tactics;
- monitoring for suspicious activity;
- enforcing application whitelisting;
- maintaining an incident response plan;
- staying updated on the latest threats and building defenses on threat intelligence;
- maintaining regular backups;
- following least-privilege principles.