New data thief Invicta Stealer spreads via fake emails from hosting giant GoDaddy

    Over 30 popular web browsers and 25 crypto wallets are the targets of this advanced infostealer.

    Cyble researchers recently discovered an information stealer called "Invicta Stealer" on the Internet. This malicious software is capable of collecting various data from infected computers, including information about the system, hardware, wallets, browsers, and applications. The creator of the infostealer offers it for sale to anyone, and actively advertises it on Telegram and YouTube, boasting of its ability to steal information.

    The main distribution method for Invicta Stealer is spam email that imitates messages from GoDaddy offering a refund for previously rendered services. The email contains a phishing HTML page with a link that redirects the victim to a Discord URL. There, the download of the "Invoice.zip" file starts immediately. Everything happens so fast that an inexperienced user does not even notice that the archive was downloaded from an unofficial site.

    Inside the archive there is a shortcut file "INVOICE_MT103.lnk", the icon of which looks like a PDF file. The shortcut runs a PowerShell command to download and execute an HTA file with VBScript code. This code, in turn, runs another PowerShell script that downloads and runs Invicta Stealer.
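The execution chain described above leaves a recognizable process lineage that a detection rule can match. The sketch below is an added example, not code from Cyble's report or from the original article; it assumes the HTA is run by the standard Windows HTA host `mshta.exe`, and the events, PIDs and field names are constructed.

```python
# Constructed process-creation events (Sysmon Event ID 1 style fields).
# Real telemetry should key on ProcessGuid, since PIDs are reused.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": PS},   # started by the .lnk
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 400, "ppid": 300, "image": PS},   # started by the HTA's VBScript
    {"pid": 500, "ppid": 100, "image": PS},   # ordinary interactive shell
]

POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Oldest ancestor first: PowerShell -> HTA host -> PowerShell.
CHAIN = (POWERSHELL, {"mshta.exe"}, POWERSHELL)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_chains(events, chain=CHAIN):
    """Return PID lineages (oldest first) whose image names match `chain`."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for event in events:
        lineage, cur = [], event
        # Walk up at most len(chain) ancestors, so a parent loop cannot hang us.
        while cur is not None and len(lineage) < len(chain):
            lineage.append(cur)
            cur = by_pid.get(cur["ppid"])
        lineage.reverse()
        if len(lineage) == len(chain) and all(
            basename(p["image"]) in allowed for p, allowed in zip(lineage, chain)
        ):
            hits.append([p["pid"] for p in lineage])
    return hits

if __name__ == "__main__":
    for pids in find_chains(EVENTS):
        print("suspicious chain:", " -> ".join(map(str, pids)))
```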

     

    Once launched, Invicta Stealer collects a lot of data about the victim's system and hardware: computer name, username, time zone, system language, OS version, list of running processes, list of installed programs, amount of RAM, number of processor cores, screen resolution, device ID, IP address and geolocation.

    In addition, the stealer takes data from a long list of browsers (31 web browsers), including the Russian Yandex, Sputnik and Amigo. It then targets cryptocurrency wallet extensions (26 extensions), including: ARK Desktop Wallet, Armory, Atomic, Binance, Bitcoin, CloakCoin, Coinomi, Daedalus Mainnet, Dogecoin, Electrum, Electrum-LTC, Electrum-Smart, ElectrumG, Exodus, Exodus Eden, Guarda, Jaxx Liberty, Litecoin, MultiBitHD, Nano Wallet Desktop, Neblio, Neon, Scatter, VERGE, WalletWasabi, Zcash.

    Next, the stealer collects data from several specific applications. Among them:

    Steam - retrieves active game sessions, usernames and the list of installed games;
    Discord - extracts local databases;
    KeyPass - retrieves the local database of encrypted passwords.

    After stealing data from applications, the stealer proceeds to take files from the desktop and Documents folder of all users registered on the computer. When all the necessary data has been collected, the program packs it into a ZIP archive and sends it to the operator's server.

    Invicta Stealer stands out from other infostealers due to its ability to attack several categories of highly sensitive information at once in various applications and browsers.

    Stolen data can be used by attackers both for financial gain and for launching attacks on specific individuals or entire organizations. To avoid becoming another victim, follow these recommendations from Cyble experts:

    set up backups;
    use proven anti-virus packages;
    set up automatic software updates on all devices;
    avoid downloading pirated software from suspicious websites;
    do not open suspicious links and email attachments without checking;
    use strong passwords and multi-factor authentication;
    closely monitor network activity;
    block potentially dangerous URLs;
    train employees in the organization to protect against threats such as phishing.
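One way to automate the "check attachments before opening" advice for archives like the "Invoice.zip" described above is to inspect ZIP members at the mail gateway or download proxy. The following is an added example, not code from Cyble or the original article; it recognizes Windows shortcuts by their Shell Link header rather than by file name, and the sample archive, `statement.pdf`, `run.hta` and the extension list are constructed assumptions.

```python
import io
import zipfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x0000004C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
RISKY_EXT = (".lnk", ".hta", ".vbs", ".js", ".ps1", ".exe", ".scr")  # assumed policy

def inspect_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for each archive member to quarantine."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Encrypted members cannot be inspected; surface them instead.
                findings.append((info.filename, "encrypted member"))
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            if head == LNK_MAGIC:
                findings.append((info.filename, "shortcut header"))
            elif info.filename.lower().endswith(RISKY_EXT):
                findings.append((info.filename, "risky extension"))
    return findings

def build_sample() -> bytes:
    """Constructed archive; the 'shortcuts' are header bytes only, not working links."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("INVOICE_MT103.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("statement.pdf", LNK_MAGIC + b"\x00" * 56)  # renamed shortcut
        zf.writestr("run.hta", b"<html></html>")
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in inspect_zip(build_sample()):
        print(f"quarantine {name}: {reason}")
```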
    Author DeepWeb