The infostealer malware category has been on the rise in recent years because it collects a wide range of sensitive data and is easy to deploy. According to analysis by Cyble Research, Jester Stealer is an emerging threat that first appeared on cybercrime forums in July 2021. Since then, it has been updated seven times, with each version bringing new capabilities. The latest version appears to be 1.7.1.0, announced in January 2022 with improvements such as better file transfer speeds and reduced runtime detections.

This is .NET-based malware that usually reaches target systems via phishing emails, disguised as a txt, jar, ps1, bat, png, doc, xls, pdf, mp3, mp4 or pp attachment. Alternatively, threat actors use random distribution channels, such as pirated content and hacking tools promoted through YouTube.
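For mail or download triage, the disguise described above can be checked by comparing the name an attachment claims with what its bytes are. The following Python is an added example, not taken from the article or from Cyble's analysis. It assumes the disguised file is a Windows PE image behind one of the listed extensions; the function names and sample inputs are constructed for illustration.

```python
import struct
from pathlib import PurePath
# File types the article lists as disguises (its garbled last entry is left out).
DISGUISE_EXTS = {".txt", ".jar", ".ps1", ".bat", ".png", ".doc",
                 ".xls", ".pdf", ".mp3", ".mp4"}
CLR_DIR = 14  # PE data directory 14 (COM descriptor) holds the .NET CLR header

def pe_kind(data):
    """Classify content as 'dotnet', 'native' or 'not-pe' from PE headers alone."""
    try:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)    # e_lfanew
        if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
            return "not-pe"
        opt = pe_off + 24                                    # optional header start
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):                      # PE32 / PE32+
            return "not-pe"
        dirs = opt + (96 if magic == 0x10B else 112)         # data directory table
        (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
        if count <= CLR_DIR:
            return "native"
        rva, size = struct.unpack_from("<II", data, dirs + 8 * CLR_DIR)
        return "dotnet" if rva and size else "native"
    except struct.error:                                     # truncated headers
        return "not-pe"

def triage(filename, data):
    """Return a finding when a listed document/media name carries PE content."""
    kind = pe_kind(data)
    claimed = [s.lower() for s in PurePath(filename).suffixes if s.lower() in DISGUISE_EXTS]
    if kind == "not-pe" or not claimed:
        return None
    return f"{filename}: claims {claimed[0]} but is a {kind} PE executable"

def sample_pe(dotnet):
    """Constructed input: minimal PE32 headers only, not a runnable program."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<I", buf, opt + 92, 16)
    if dotnet:
        struct.pack_into("<II", buf, opt + 96 + 8 * CLR_DIR, 0x2008, 0x48)
    return bytes(buf)

if __name__ == "__main__":
    for name, blob in [("invoice.pdf", sample_pe(True)), ("notes.txt", b"hello")]:
        print(triage(name, blob) or f"{name}: no finding")
```

A `dotnet` result on a file named like a document or media file is a strong reason to quarantine it; the check says nothing about which malware family the file belongs to.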

It has several built-in checks to avoid being scanned: it tests whether it is running in a virtualized environment. If the malware detects the presence of VirtualBox, VMBox, or VMware on the host system, it ends its execution.

It should be noted that Jester Stealer encrypts many files belonging to different games, so if you can no longer open documents, photos or games, it is probably because Jester Stealer has entered your computer. Of course, there are other clues that can confirm whether it is really this ransomware that is present on the computer. If you have come across Jester Stealer, the only thing that makes sense now is to get rid of the invading malware.

To keep the chance of data-stealing infections to a minimum, avoid downloading executables from untrustworthy websites and torrent swarms, and don't download or run files that arrive via spam emails. Always check downloaded files with an up-to-date AV tool from a reputable provider.

