Cypress Stealer

Cypress Stealer is a powerful information stealer that can access, log, and exfiltrate vast amounts of sensitive private data from infected victims. The threat is written in the C programming language and is being offered for sale on underground hacker forums. The price for the malware is set at $100. Once established on the targeted system, Cypress Stealer stores its data within the system's RAM without needing to write anything to the hard disk. As a result, the threat is much harder to detect.

Cypress Stealer can extract information from numerous different sources. The threat affects all Chromium-based web browsers alongside the rest of the popular browser applications: Mozilla Firefox, Microsoft Edge, Internet Explorer, etc. Email clients such as Microsoft Outlook and Mozilla Thunderbird, as well as session data from Telegram, ProtonVPN, NordVPN, and FileZilla, could also be breached. The threat can obtain Discord and 2FA (two-factor authentication) tokens, Origin sessions, Psi and Psi+ information, Windows store, Total Commander, and Pidgin data. Device information, including system details, a list of running processes, and geolocation, will also be collected and exfiltrated.

The potential of Cypress Malware to compromise the user's login credentials, banking details, purchase history, credit/debit card information, and sensitive data from such a vast list of affected applications makes it an extremely harmful threat. The hackers can use the gathered data to run multiple threatening operations with a significant impact on the victim, such as selling the data to other cybercriminals, making fraudulent purchases, spreading additional malware, or conducting phishing attacks by impersonating the victim.
