New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,524
A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets.

"It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility," Trend Micro said in a Friday report.

The malware is currently focused on targeting Windows by using a legitimate command-line tool called runas.exe that allows users to run programs as another user with different permissions.

The goal is to escalate privileges and execute itself with administrative access, thereby effectively bypassing security measures to harvest wide swathes of data.
 

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
854
Its high time that windows should in default restrict the admin rights and enable it only after asking for login password to be entered manually, like in Linux. This would at-lest make an unsuspecting user aware of something is requesting admin rights and that is to be suspected off.
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
849
Its high time that windows should in default restrict the admin rights and enable it only after asking for login password to be entered manually
Never going to happen. Useability trumps security in Windows. What will happen is MFA/2FA with security keys for accounts. That's the way forward.

+ There are plenty of priv esc bugs/exploits out there making elevating to admin easy. So standard/restricted accounts are not the answer.
 
Last edited:
  • Like
Reactions: simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top