ColdStealer Malware

ColdStealer Malware Description

The ColdStealer Malware falls into the category of infostealer threats, which are designed to obtain sensitive and private information from the systems they infect. The threat was first discovered by cybersecurity experts. ColdStealer is capable of harvesting a range of user information and then transmitting it to a dedicated Command-and-Control (C2, C&C) server.

The attack chain of the operation begins with a dropper malware that compromises the targeted systems. The dropper is tasked with breaching the device, fetching the ColdStealer payload, and then executing it. A likely distribution vector for the dropper is weaponized 'crack' programs for popular software products.

Once established on the system, ColdStealer can extract browser information including cookies, IDs, passwords, and more. The threat is also capable of accessing data from installed browser extensions; cryptocurrency wallet information, usually stored in the Registry or the Local and Roaming directories; and FTP server information, including a list of servers and their associated passwords. ColdStealer's threatening functions also allow it to capture various system information, such as the Windows version, language, CPU type and more. Finally, the threat is able to identify 'wallet' strings or extensions contained in .txt and .dat files. All harvested data is packaged in a ZIP archive and then exfiltrated to the C2, along with any errors ColdStealer encountered while active on the victim's device.
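The collection-then-exfiltration sequence described above can be turned into a host-based heuristic: one process that reads several of the listed data classes (browser credential stores, wallet data under the Registry or Local/Roaming, FTP client configuration, a sweep of .txt/.dat files), writes a ZIP and only then opens a network connection. The script below is an added example, not ColdStealer's code or a vendor signature; the file paths, registry key and FTP client file names are assumptions about typical locations, and the event stream is constructed.

```python
"""Heuristic detector for the collection-then-exfiltration pattern described above.
Added example, not ColdStealer's code. Events are constructed (pid, event_type, target)."""
import re

# Data classes from the write-up mapped to path/registry patterns. The exact
# locations and FTP client file names are assumptions, not taken from the page.
ARTIFACT_PATTERNS = {
    "browser": re.compile(r"\\User Data\\.+\\(Cookies|Login Data|Web Data)$", re.I),
    "wallet": re.compile(r"(AppData\\(Local|Roaming)|HKCU\\Software)\\[^\\]*wallet", re.I),
    "ftp": re.compile(r"\\(sitemanager\.xml|WinSCP\.ini)$", re.I),
}
WALLET_SCAN = re.compile(r"\.(txt|dat)$", re.I)  # files the 'wallet' string search sweeps

def classify_process(events, pid, min_classes=3, scan_threshold=2):
    """Verdict for one pid: data classes touched, ZIP staging, and whether a
    network connection followed the ZIP write (the exfiltration ordering)."""
    classes, scanned, zip_at, net_after_zip = set(), 0, None, False
    for i, (p, kind, target) in enumerate(events):
        if p != pid:
            continue
        if kind in ("FileRead", "RegRead"):
            classes.update(n for n, pat in ARTIFACT_PATTERNS.items() if pat.search(target))
            scanned += bool(WALLET_SCAN.search(target))
        elif kind == "FileWrite" and target.lower().endswith(".zip"):
            zip_at = i
        elif kind == "NetConnect" and zip_at is not None:
            net_after_zip = True
    if scanned >= scan_threshold:  # sweeping many .txt/.dat files matches the wallet scan
        classes.add("wallet_scan")
    alert = len(classes) >= min_classes and net_after_zip
    return {"pid": pid, "classes": sorted(classes), "zip": zip_at is not None,
            "exfil": net_after_zip, "alert": alert}

def find_suspects(events):
    """Evaluate every pid in the stream and return the flagged ones."""
    verdicts = [classify_process(events, pid) for pid in sorted({e[0] for e in events})]
    return [v["pid"] for v in verdicts if v["alert"]]

# Constructed telemetry: pid 4242 follows the pattern; pid 1313 is a browser reading its own store.
EVENTS = [
    (1313, "FileRead", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
    (1313, "NetConnect", "203.0.113.5:443"),
    (4242, "FileRead", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4242, "RegRead", r"HKCU\Software\ExampleWallet\Config"),
    (4242, "FileRead", r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"),
    (4242, "FileRead", r"C:\Users\u\Documents\notes.txt"),
    (4242, "FileRead", r"C:\Users\u\Documents\seed.dat"),
    (4242, "FileWrite", r"C:\Users\u\AppData\Local\Temp\collect.zip"),
    (4242, "NetConnect", "198.51.100.7:80"),
]
```

The browser process is not flagged because it touches only its own data class and never stages a ZIP; the thresholds are starting points to tune against real endpoint telemetry.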