AB Stealer

By GoldSparrow in Stealers

The AB Stealer is a threat used to collect victims' passwords and other information, and it belongs to a large category of threats that carry out these attacks. The AB Stealer has been around for a while; traces of it have existed since April 2016, and it has been updated regularly since its first appearance. Malware analysts have not determined exactly who is responsible for developing and releasing the AB Stealer, but it seems that their primary language is Arabic and that the AB Stealer is being distributed on the Dark Web as a threat builder. The AB Stealer features a Web panel that is relatively simple to use, and it has been released in various custom versions since its initial release. PC security researchers consider threats like the AB Stealer a real danger to victims' data and information, and computer users should take steps immediately if they suspect that their computers have become infected with a threat like the AB Stealer.

Using the Alphabet to Name a Harmful Scheme

The AB Stealer, although simple, seems to have all of the advanced features that have been seen in more sophisticated information-collecting Trojans. The AB Stealer is installed by cybercrooks who use various techniques to hack into the victims' computers. The AB Stealer uses a keylogger component to keep track of the victim's activity on the infected computer. The AB Stealer will inject malicious code onto the victim's computer that allows it to collect passwords for online banks and secure websites. The AB Stealer will take screenshots of the infected computer and send them to a remote location, and it can run even with limited privileges on the infected computer. The AB Stealer can also extract passwords saved in the most commonly used Web browsers on the Windows operating system.

Additional Details about the AB Stealer and Its Attack

Rather than hosting the AB Stealer's Command and Control servers at a specific location, criminals will use compromised websites and servers as the AB Stealer's Command and Control servers. After taking advantage of various vulnerabilities, such as weak RDP accounts, the cybercrooks can turn virtually any computer into a Command and Control server, allowing them to avoid detection and to avoid being tracked down as the people responsible for the AB Stealer attack. To prevent these attacks, PC security researchers advise computer users to avoid spam email messages, ensure that all software and website platforms are fully updated, and install a strong security program. According to reports from the AB Stealer's developers themselves, the following are the characteristics of the AB Stealer itself, as well as how it is detected by 35 different anti-virus programs on the market:

Filename: AbBuild v.1.0.exe
Filesize: 80,50 kB
Date: 2016-07-24 17:16:52
MD5: 9e44c10307aa8194753896ecf8102167
SHA1: 6e47601618ef2e2dfb1fed837ba7082cd7a427f4
Status: Infected
Rate: 20/35

Ad-Aware - Trojan.GenericKD.3404642
A-Squared - Trojan.GenericKD.3404642 (B)
Avast - File is clean
AVG Free - Trojan horse PSW.MSIL.BBDK
AntiVir (Avira) - TR/Keylog.exvk
BitDefender - Trojan.GenericKD.3404642
BullGuard - Gen:Variant.Razy.82094
Clam Antivirus - File is clean
COMODO Internet Security - File is clean
Dr.Web - File is clean
ESET NOD32 - Trojan.MSIL/Spy.Keylogger.AVQ
eTrust-Vet - Trojan.GenericKD.3404642
FortiClient - File is clean
F-PROT Antivirus - File is clean
F-Secure Internet Security - Trojan.GenericKD.3404642
G Data - Trojan.GenericKD.3404642
IKARUS Security - Trojan-PWS.MSIL
K7 Ultimate - Spyware ( 004bcf421 )
Kaspersky Antivirus - HEUR:Trojan.Win32.Generic
McAfee - File is clean
MS Security Essentials - TrojanSpy:Win32/Skeeyah.A!rfn
NANO Antivirus - File is clean
Norman - Trojan.GenericKD.3404642
Norton Antivirus - File is clean
Panda CommandLine - Trj/GdSda.A
Panda Security - Suspicious
Quick Heal Antivirus - EE:Malware.GenericKD.3404642
Solo Antivirus - File is clean
Sophos - Mal/Generic-S
SUPERAntiSpyware - File is clean
Trend Micro Internet Security - File is clean
Twister Antivirus - File is clean
VBA32 Antivirus - File is clean
VIPRE - Trojan.Win32.Generic=21BT
Zoner AntiVirus - File is clean
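
As an added example (not part of the original report or of any vendor's tooling), the MD5 and SHA1 listed above can be used to sweep a directory for this exact sample. The function names `file_digests` and `sweep` are hypothetical; a hash match identifies only this specific file.

```python
import hashlib
import os

# Indicators copied from the report above (sample "AbBuild v.1.0.exe").
AB_STEALER_IOC = {
    "md5": "9e44c10307aa8194753896ecf8102167",
    "sha1": "6e47601618ef2e2dfb1fed837ba7082cd7a427f4",
}


def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha1) hex digests of a file, read once in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def sweep(root, ioc=AB_STEALER_IOC):
    """Walk root and return (path, verdict) for files matching the IoC.

    "match"   -> both MD5 and SHA1 agree with the report
    "partial" -> only one digest agrees; treat as suspicious, since a
                 single weak hash can collide or be mistyped in a feed
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                md5, sha1 = file_digests(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep sweeping
            agree = (md5 == ioc["md5"]) + (sha1 == ioc["sha1"])
            if agree == 2:
                hits.append((path, "match"))
            elif agree == 1:
                hits.append((path, "partial"))
    return hits


if __name__ == "__main__":
    import sys
    for path, verdict in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict}\t{path}")
```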

