Figure 1 shows the statement made by the Threat Actor. This indicates that the malware present on GitHub might not be that evasive, and the TA has only uploaded it there for advertisement purposes. Interestingly few of the samples had either low or even zero detection.Īs per the statement made by the Threat Actor (TA), it appears that an upgraded version of Hazard Stealer can be accessed by purchasing it on their Discord server or website. Most of the samples seen in the wild are the actual Python source code of the malware used for compiling the binary, indicating that the malware has been used on a large scale. Both versions are available on GitHub for free.ĭuring our OSINT threat hunting exercise, we came across over 2000 Samples related to this stealer present in the wild. The initial version of Hazard Token Grabber was spotted in the wild in 2021, and we have observed an upgraded version now, which Threat Actors (TAs) are using to steal the user’s data. Upgraded version of Stealer Targeting Discord UsersĬyble Research Labs has come across a new strain of malware performing stealing activities named Hazard Token Grabber.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |