FleshStealer: A New Infostealer Targeting Chrome & Mozilla Users
DIGITALEARN SOLUTION
A new and highly sophisticated strain of information-stealing malware, dubbed FleshStealer, has emerged as a growing threat to internet users worldwide. Designed to exploit vulnerabilities in Chromium and Mozilla-based web browsers, this malware is capable of stealing sensitive data, including login credentials, cryptocurrency wallet details, and two-factor authentication (2FA) codes.
Key Highlights of FleshStealer
First detected: September 2024
Written in: C#
Targets: Google Chrome, Mozilla Firefox, Microsoft Edge, and Opera
Steals: Credentials, crypto wallets, session tokens, 2FA codes, Discord tokens
Evasion Techniques: Encryption, virtualization detection, and obfuscation
Size: Lightweight (150-300 KB) for stealthy operation
How FleshStealer Operates
FleshStealer is a powerful malware that functions through a web-based control panel and leverages advanced Tactics, Techniques, and Procedures (TTPs) to infiltrate systems while evading detection. Here’s how it works:
Privilege Escalation (T1547):
Defense Evasion (T1027 & T1497):
Process Discovery (T1057):
Data Collection & Exfiltration (T1560 & T1567):
Why This Matters: The Impact of FleshStealer
The consequences of a FleshStealer infection can be severe:
Hijacking of email accounts, financial platforms, and crypto wallets
Bypassing 2FA protections, allowing unauthorized access
Restoring deleted Google cookies to monitor user activity or hijack sessions
Compromising Discord tokens, potentially leading to further attacks on the victim’s contacts
Final Thoughts
FleshStealer is a serious cybersecurity threat, leveraging sophisticated evasion techniques to steal valuable data. Understanding how it works and taking proactive steps to secure your system is crucial.
What are your thoughts on this emerging malware? Have you encountered similar threats? Share your insights in the comments below!