There is no such thing as a slow week for cybercrime, and today we are going to talk about an information stealer called X-FILES, which can steal information from five browsers: Google Chrome, Chromium, Slimjet, Vivaldi and Opera GX.

This threat targets saved cookies, saved login credentials (usernames, email addresses, passwords), and credit card details.

It should be noted that it also targets information such as ZIP code, Internet Protocol (IP) address, the version of the installed operating system and the system language. Furthermore, this stealer can collect text (.txt) files stored on the desktop. This means that cybercriminals can use the X-FILES stealer to hijack personal accounts, e.g. email and social media accounts, and use them for malicious purposes.

It is important to mention that X-FILES runs in Task Manager as “Svc_host”. Svchost.exe (Service Host or SvcHost) is a legitimate Windows process. However, it is common for malicious programs (including X-FILES) to use the same names to avoid antivirus detection.
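A defender can check for this kind of name imitation directly. The following is an added example, not code from the original article: it flags processes whose name reduces to "svchost" without being exactly `svchost.exe`, and genuine-looking `svchost.exe` images running outside the Windows system directories. The process list, its paths and the function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

LEGIT_NAME = "svchost.exe"
# Assumption: Windows is installed on C:. Adjust for other system drives.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Digits commonly swapped in for letters in imitation names.
LOOKALIKE_DIGITS = str.maketrans({"0": "o", "5": "s"})


def skeleton(name):
    """Reduce a name to letters only, so 'Svc_host' and 'svch0st.exe' both become 'svchost'."""
    stem = re.sub(r"\.exe$", "", name.lower())
    return re.sub(r"[^a-z]", "", stem.translate(LOOKALIKE_DIGITS))


def classify(name, path):
    """Return a reason string if the process imitates svchost.exe, else None."""
    if name.lower() == LEGIT_NAME:
        # Exact name: only trust it when the image lives in a system directory.
        parent = str(PureWindowsPath(path).parent).lower()
        return None if parent in LEGIT_DIRS else "unexpected path"
    if skeleton(name) == skeleton(LEGIT_NAME):
        return "look-alike name"
    return None


# Constructed sample (process name, image path); not taken from a real host.
SAMPLE = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("Svc_host", r"C:\Users\user\AppData\Roaming\Svc_host.exe"),
    ("svchost.exe", r"C:\Users\Public\svchost.exe"),
    ("chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
]


def suspicious(processes):
    """Return (name, reason) for every process that classify() flags."""
    return [(n, classify(n, p)) for n, p in processes if classify(n, p)]


if __name__ == "__main__":
    for name, reason in suspicious(SAMPLE):
        print(f"{name}: {reason}")
```
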

One of the most common ways malware is distributed is by sending emails with malicious attachments or website links. In both cases, cybercriminals try to trick recipients into opening a malicious file. If opened, it installs ransomware or other high-risk malware. Some examples of files that can be used to distribute malware in this way are Microsoft Office or PDF documents, archive files such as RAR and ZIP, executable files (such as .exe) and JavaScript files.

Another way to distribute malicious software is to trick users into installing a Trojan. Certain Trojans can be designed to cause chain infections, downloading and installing their malicious payloads. Untrustworthy software download sources such as unofficial websites, freeware download sites, free file hosting websites, Peer-to-Peer networks (e.g. torrent clients, eMule), third-party downloaders and other such channels can also be used to distribute malware.

Fake software updaters are tools that are designed to look like official, legitimate updaters. However, they install unwanted or even malicious programs instead of updates or fixes. It is worth mentioning that these tools can also infect computers by exploiting bugs and flaws in outdated software.

That is why irrelevant emails received from unknown and suspicious addresses and containing any attachment or website link should not be trusted. It is common for cybercriminals to send such emails in an attempt to distribute malware. Software must be downloaded from official web pages and via direct download links.

