- Aug 17, 2014
An infostealing piece of malware called Jester Stealer has been gaining popularity in the underground cybercrime community for its functionality and affordable prices.
The infostealer malware category has been on the rise for the past few years, as these tools collect a wide array of sensitive data and are easy to deploy.
According to an analysis from Cyble Research, Jester Stealer is an emerging threat that first appeared on cybercrime forums in July 2021. Since then, it has been updated seven times, with each version bringing new capabilities.
Jester Stealer is a multifunctional malware that combines the functions of a stealer, clipper, crypto-miner, and botnet.
It uses AES-CBC-256-encrypted communications, supports Tor network servers, redirects logs to Telegram bots, and bundles stolen data in memory before exfiltration.
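The two exfiltration channels named above, Telegram bots and Tor, both leave recognizable traces in egress logs. The following is an added example, not code from the article or from Cyble's report: a small Python scanner that flags web-proxy log lines matching Telegram Bot API calls (the `api.telegram.org/bot<token>/send…` endpoints) and Tor indicators (a `.onion` destination or a connection to Tor's default local SOCKS ports 9050/9150). The log format, hostnames and the bot token are constructed for illustration; the field layout of a real proxy log will differ.

```python
"""Added example: flag proxy log lines that match the exfiltration channels
the article attributes to Jester Stealer (Telegram bots and Tor).
Sample log lines are constructed, not real telemetry."""
import re
from typing import Dict, Iterable, List

# Telegram Bot API send methods; the token shape (digits, colon, alphanumerics)
# is the documented bot token format. A bot token in a URL is a credential in
# itself, so a hit here is worth reviewing even apart from stealer activity.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot\d+:[A-Za-z0-9_-]+/(sendDocument|sendMessage|sendPhoto)"
)
# Tor indicators: v2/v3 onion service name, or Tor's default local SOCKS ports.
ONION_RE = re.compile(r"\b[a-z2-7]{16,56}\.onion\b")
TOR_SOCKS_RE = re.compile(r"\b127\.0\.0\.1:(9050|9150)\b")

# Constructed sample log: timestamp, host, method, URL/destination, status.
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z host1 GET https://example.com/index.html 200",
    "2024-01-01T10:00:05Z host1 POST https://api.telegram.org/bot123456789:AAExampleTokenPlaceholder/sendDocument 200",
    "2024-01-01T10:00:09Z host2 CONNECT 127.0.0.1:9050 -",
    "2024-01-01T10:00:12Z host2 GET http://exampleonionaddressabcd.onion/gate 200",
]


def classify_line(line: str) -> List[str]:
    """Return the indicator names matched by one log line (empty list if none)."""
    hits: List[str] = []
    if TELEGRAM_BOT_RE.search(line):
        hits.append("telegram_bot_api")
    if ONION_RE.search(line):
        hits.append("onion_destination")
    if TOR_SOCKS_RE.search(line):
        hits.append("tor_socks_port")
    return hits


def scan_log(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Group matching log lines by indicator; indicators with no hits are omitted."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        for indicator in classify_line(line):
            findings.setdefault(indicator, []).append(line)
    return findings


if __name__ == "__main__":
    for indicator, matched in scan_log(SAMPLE_LOG).items():
        print(f"[{indicator}] {len(matched)} line(s)")
        for entry in matched:
            print("   ", entry)
```

Desktop Telegram clients talk MTProto to Telegram's own servers rather than calling the HTTP Bot API, so a workstation posting to `api.telegram.org/bot…/sendDocument` is unusual enough to review; the `.onion` and SOCKS-port checks are coarse and should be tuned to the environment (a Tor Browser deployment, for instance, will trigger them legitimately).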
The data targeted by Jester includes the following:
- Browsers: Passwords, credit cards, cookies, autofill data, browsing history, and bookmarks of 20+ web browsers
- Email clients: Thunderbird, Outlook, and FoxMail
- IM apps: Telegram, Discord, WhatsApp, Signal, and Pidgin
- Crypto wallets: Atomic, Coinomi, Electrum, Exodus, Guarda, Jaxx, Wasabi, Zcash, BitcoinCore, DashCore, LiteCore, MoneroCore
- Password managers: KeePass, NordPass, LastPass, BitWarden, 1Password, RoboForm, and ten more password managers
- Gaming software: Steam sessions, Twitch, and OBS profiles with broadcasting keys
- VPN clients: Windscribe VPN, NordVPN, EarthVPN, ProtonVPN, and OpenVPN
- FTP clients: FileZilla, CoreFTP, WinSCP, and Snowflake
In addition to the above, Jester Stealer can grab screenshots, profile the host system to gather basic information, and steal network passwords.