NS-STEALER is a newly discovered Java-based malware that uses Discord bots to stealthily extract sensitive data from compromised systems. This sophisticated information stealer is distributed through ZIP archives that are disguised as cracked software.
Once a system is infected, the malware creates a folder for storing the harvested data, which includes screenshots, cookies, credentials, autofill data from more than two dozen web browsers, system information, lists of installed programs, as well as Discord tokens, and Steam and Telegram session data.
Alert! New Java #malware "NS-STEALER" uses bots to steal your logins and wallet data from popular browsers and exfiltrates secrets via Discord.
Learn more: https://t.co/vAdo3RQt3A #cybersecurity
— The Hacker News (@TheHackersNews) January 22, 2024
The captured information is then sent to a Discord bot channel, which the malware uses as an EventListener to receive the exfiltrated data. Exfiltrating data through Discord in this way is not only sophisticated but also cost-effective for the attackers.
The malware's ability to gather sensitive information, together with its support for authentication using X509Certificate, allows it to steal information from victim systems quickly and effectively.
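For defenders, the exfiltration path described above suggests a simple hunt: a Java runtime process that sends data to Discord hosts. The following is an added example, not code from the original report; the log format, host names, paths and byte counts are constructed, and the list of Discord domains is an assumption to adapt to your own telemetry.

```python
import csv
import io
from collections import defaultdict

# Assumption: Discord API, gateway and CDN traffic ends in one of these domains.
DISCORD_SUFFIXES = ("discord.com", "discordapp.com", "discord.gg")
# NS-STEALER is Java-based, so its traffic originates from a Java launcher.
JAVA_IMAGES = {"java", "java.exe", "javaw", "javaw.exe"}

# Constructed sample of process-network events:
# timestamp, host, process image path, destination host, bytes sent
SAMPLE_LOG = r"""
2024-01-22T10:01:07Z,ws-014,C:\Program Files\Discord\Discord.exe,gateway.discord.gg,812
2024-01-22T10:03:41Z,ws-014,C:\Users\dana\AppData\Local\Temp\jre\bin\javaw.exe,discord.com,48211
2024-01-22T10:03:44Z,ws-014,C:\Users\dana\AppData\Local\Temp\jre\bin\javaw.exe,cdn.discordapp.com,1932770
2024-01-22T10:05:02Z,ws-022,/usr/bin/java,repo.maven.apache.org,2210
2024-01-22T10:06:15Z,ws-031,C:\Program Files\Java\bin\java.exe,notdiscord.com,900
"""


def is_discord(host):
    """Match a Discord domain or any subdomain, but not look-alike suffixes."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in DISCORD_SUFFIXES)


def java_to_discord(log_text):
    """Return {(host, image name): total bytes sent} for Java-to-Discord traffic."""
    totals = defaultdict(int)
    for row in csv.reader(io.StringIO(log_text.strip())):
        if len(row) != 5:
            continue  # skip malformed or blank lines
        _ts, host, image, dest, sent = row
        # Take the file name from either a Windows or a POSIX path.
        exe = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if exe in JAVA_IMAGES and is_discord(dest):
            totals[(host, exe)] += int(sent)
    return dict(totals)


if __name__ == "__main__":
    for (host, exe), sent in java_to_discord(SAMPLE_LOG).items():
        print(f"{host}: {exe} sent {sent} bytes to Discord")
```

A legitimately developed Java Discord bot would also match, so hosts where that is expected need an allowlist before this is used for alerting.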
This development in cyber threats demonstrates the ongoing evolution of malware tactics and the importance of maintaining robust cybersecurity measures, particularly in guarding against seemingly legitimate software downloads that may be fronts for malware distribution.