5/29/2023

Token grabber com

Upgraded version of Stealer Targeting Discord Users

Cyble Research Labs has come across a new strain of malware performing stealing activities named Hazard Token Grabber. The initial version of Hazard Token Grabber was spotted in the wild in 2021, and we have now observed an upgraded version, which Threat Actors (TAs) are using to steal users' data. Both versions are available on GitHub for free.

During our OSINT threat hunting exercise, we came across over 2000 samples related to this stealer present in the wild. Most of the samples seen in the wild are the actual Python source code of the malware used for compiling the binary, indicating that the malware has been used on a large scale. Interestingly, a few of the samples had either low or even zero detection. The number of samples related to Hazard stealer has increased significantly in the last three months, as shown below.

As per the statement made by the Threat Actor (TA), it appears that an upgraded version of Hazard Stealer can be accessed by purchasing it on their Discord server or website. This indicates that the malware present on GitHub might not be that evasive, and the TA has only uploaded it there for advertisement purposes. Figure 1 shows the statement made by the Threat Actor.

This Knowledge Base article discusses a specific threat that's being tracked. An updated version of the Hazard Token Grabber information stealer was discovered to target Discord users. The malware was discovered in 2021 and is available on GitHub. The malware is developed using Python and uses webhooks to exfiltrate stolen information to a Discord channel. The data collected and exfiltrated includes system information, Discord tokens, and cookies and login credentials from the Chrome browser. Our Threat Research team gathers and analyzes information from multiple open and closed sources before disseminating intelligence reports. This campaign was researched by Cyble and shared publicly.

Review the product detection table and confirm that your environment is at least on the specified content version. To download the latest content versions, go to the Security Updates page.
If a Threat Hunting table has been created, use the rules contained in it to search for malware related to this campaign.
Scroll down and review the "Product Countermeasures" section of this article. Consider implementing them if they are not already in place.
Review KB91836 - Countermeasures for entry vector threats.
Review KB87843 - Dynamic Application Containment rules and best practices.
Review KB82925 - Identify what rule corresponds to an Adaptive Threat Protection and Threat Intelligence Exchange event.

Minimum set of Manual Rules to improve protection to block this campaign:

IMPORTANT: Always follow best practices when you enable new rules and signatures. When you implement new rules or signatures, always set them to Report mode first and check the alerts generated. This step mitigates against triggering false positives and allows you to refine your configuration. Resolve any issues that arise and then set the rules to Block. For more information, see KB87843 - List of and best practices for Endpoint Security Dynamic Application Containment rules.