Alert on the spread of information-stealing malware in Bangladesh's IT infrastructure

Published on 18-Jan-2024 12:36:00

TLP: CLEAR

Distribution: Public

Type of Threat: Emerging Threat of Info Stealer Malware in Bangladesh

Date: 18 January 2024

Executive Summary

The BGD e-GOV CIRT Cyber Threat Intelligence Unit has observed a significant increase in a particular class of malware, known as stealer malware, in the cyberspace of Bangladesh. These carefully crafted covert programs are adept at discreetly harvesting sensitive data, including login passwords, personal information, and confidential data, from targeted systems. Beyond putting financial resources at risk, such a breach also compromises personal and professional secrets, giving attackers what they need to plan identity theft, financial fraud, or unauthorised account access. The malware families identified, namely RedLine Stealer, META Stealer, RisePro, LummaC2, and Raccoon, raise the risk to digital security across several platforms. To counter this growing cybersecurity threat, the report's conclusion emphasises the urgent need for proactive cybersecurity measures.

  1. Sources of Alert: Threat intelligence research
  2. Research Conducted by: Cyber Threat Intelligence Unit, BGD e-GOV CIRT
  3. Threat level: High
  4. Associated Malware/ Tools/ Techniques: RedLine Stealer, META Stealer, RisePro, LummaC2, Raccoon
  5. Attack Surface: Windows, Android, iOS systems, web browsers

Brief overview of the info stealer malware

An information stealer, also known as an info stealer, is a Trojan designed with the explicit purpose of extracting valuable information from a targeted system. The primary focus of these malicious programs is the collection of login credentials, such as usernames and passwords, which are then transmitted to another system over the network. Keyloggers, a common subtype of information stealer, are built specifically to record user keystrokes, potentially exposing sensitive information in the process. More capable information stealers extract a broad spectrum of data, including account passwords, cookies, credit card details, and cryptocurrency wallet information. The stolen details are packaged into archives, commonly referred to as 'logs', which are then uploaded back to the threat actors. These logs serve as a repository of stolen data, fuelling subsequent cyberattacks or being traded on online marketplaces at prices ranging from $1 to $150 depending on the victim. This process highlights the multifaceted nature of info stealers and the significant threat they pose to the security of sensitive information.
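The data sources named above (saved browser passwords, cookies, payment-card autofill data, and cryptocurrency wallet files) are also what a defender can watch. The following added example, which is not part of the CIRT advisory, runs a simple detection heuristic over constructed file-access records: a browser reading its own profile files is expected, but any other process opening those files, or several of them in quick succession, matches the collection behaviour the advisory describes. The record format (`timestamp|host|process|path`), the sample host and process names, and the placeholder wallet application name are all assumptions made for this example; the Chromium profile file names (`Login Data`, `Cookies`, `Web Data`, `Local State`) are real.

```python
"""Flag non-browser processes reading browser credential stores or wallet files.

Added example, not code from the BGD e-GOV CIRT advisory. Input records are
constructed and use an assumed 'timestamp|host|process|path' layout rather
than any real telemetry schema.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Processes that are expected to open their own browser profile files.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}

# Placeholder name for a legitimate wallet application (assumption).
WALLET_PROCESSES = {"wallet-app.exe"}

# (pattern for the file, what it contains, processes allowed to touch it)
SENSITIVE_FILES = [
    (re.compile(r"\\User Data\\.*\\Login Data$", re.I), "saved passwords", BROWSER_PROCESSES),
    (re.compile(r"\\User Data\\.*\\Cookies$", re.I), "session cookies", BROWSER_PROCESSES),
    (re.compile(r"\\User Data\\.*\\Web Data$", re.I), "payment cards / autofill", BROWSER_PROCESSES),
    (re.compile(r"\\User Data\\Local State$", re.I), "browser master key", BROWSER_PROCESSES),
    (re.compile(r"\\wallet\.dat$", re.I), "cryptocurrency wallet", WALLET_PROCESSES),
]


@dataclass
class FileAccessEvent:
    timestamp: str
    host: str
    process: str  # image file name, e.g. "chrome.exe"
    path: str     # file that was opened


@dataclass
class Alert:
    timestamp: str
    host: str
    process: str
    label: str
    path: str


def parse_event(line: str) -> Optional[FileAccessEvent]:
    """Parse one 'timestamp|host|process|path' record; None if malformed."""
    parts = line.strip().split("|")
    if len(parts) != 4:
        return None
    return FileAccessEvent(*parts)


def classify(event: FileAccessEvent) -> Optional[Alert]:
    """Return an Alert if a process outside the allow-list read a sensitive file."""
    for pattern, label, allowed in SENSITIVE_FILES:
        if pattern.search(event.path):
            if event.process.lower() in allowed:
                return None
            return Alert(event.timestamp, event.host, event.process, label, event.path)
    return None


def find_suspicious(lines: List[str]) -> List[Alert]:
    """Run the heuristic over raw records, skipping lines that do not parse."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        alert = classify(event)
        if alert is not None:
            alerts.append(alert)
    return alerts


def correlate(alerts: List[Alert]) -> Dict[Tuple[str, str], List[str]]:
    """Group alerts by (host, process): one process touching several stores
    is the collection pattern of a stealer, not an isolated false positive."""
    grouped = defaultdict(set)
    for a in alerts:
        grouped[(a.host, a.process)].add(a.label)
    return {key: sorted(labels) for key, labels in grouped.items()}


# Constructed sample records; hosts, users and process names are invented.
SAMPLE_EVENTS = [
    r"2024-01-18T10:01:02|WS-01|chrome.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"2024-01-18T10:03:15|WS-01|updater.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"2024-01-18T10:03:16|WS-01|updater.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State",
    r"2024-01-18T10:03:17|WS-01|updater.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies",
    r"2024-01-18T10:05:40|WS-02|msedge.exe|C:\Users\bob\AppData\Local\Microsoft\Edge\User Data\Default\Web Data",
    r"2024-01-18T10:07:00|WS-02|svchost.exe|C:\Users\bob\AppData\Roaming\Bitcoin\wallet.dat",
    "malformed line",
]

if __name__ == "__main__":
    for (host, proc), labels in correlate(find_suspicious(SAMPLE_EVENTS)).items():
        print(f"{host}: {proc} read {', '.join(labels)}")
```

The allow-list is deliberately narrow: a browser reading its own `Login Data` is normal, but the same file being opened by an unrelated process, followed within seconds by `Local State` (which holds the key that decrypts the saved passwords) and the cookie store, is the sequence worth alerting on. In production this logic would sit behind file-access telemetry such as Sysmon or an EDR rather than a text file.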

Click here to read the full report.