Threat analysts have spotted another addition to the growing info-stealer malware space, called Prynt Stealer, which offers powerful capabilities along with additional clipper and keylogger modules.

Prynt Stealer targets a large selection of web browsers, messaging apps, and gaming apps, and can also perform direct financial compromise.

Its authors sell the tool in time-based subscriptions, such as $100/month, $200/quarter, or $700 for a year, but it is also sold under a lifetime license for $900.

Saintstealer, a 32-bit C# .NET-based executable named “saintgang.exe”, is equipped with anti-scanning checks and shuts down if it is run in a sandboxed or virtual environment.

The malware can capture a wide range of information, from taking screenshots to collecting passwords, cookies, and autofill data stored in Chromium-based browsers such as Google Chrome, Opera, Edge, Brave, Vivaldi, and Yandex, among others.

It can also steal Discord multi-factor authentication tokens, files with .txt, .doc, and .docx extensions, as well as extract information from VimeWorld, Telegram, and VPN apps like NordVPN, OpenVPN, and ProtonVPN.

In addition to transmitting the compressed information to a Telegram channel, the malware sends metadata related to the extracted data to a remote command and control (C2) server. This wide range of capabilities makes it attractive to many cybercriminals.

Cybercriminals can harm both individuals and large organizations, since they usually target one or the other. It is everyone’s problem, since they are always active and we can never lower our guard against this kind of threat.

