By GoldSparrow in Trojans

The GrandSteal infostealer is a brand-new threat that does not seem to be related to any of the infostealers known to malware researchers. This threat has managed to confuse some anti-malware services too, as some of them report that this is a copy of the Quasar RAT. Upon further inspection, however, it turned out that the two threats are not related at all. There has been a report stating that a variant of the GrandSteal infostealer was hosted on a Russian domain. Do not rush to conclusions, though – this does not mean that the threat originates from the Russian Federation.

The GrandSteal Infostealer Capabilities

Cybercriminals who develop their own hacking tools often tend to sell them on hacking forums online. However, so far, cybersecurity experts have not spotted an advertisement regarding the GrandSteal infostealer. This indicates that the authors of the GrandSteal infostealer are either still working on the threat or planning on using it privately instead of selling it publicly. The GrandSteal infostealer has an impressive list of capabilities:
It can collect saved credit card information, cookies, autofill forms, and login credentials, which may be located in the Google Chrome Web browser and other Chromium-based browsers.

  • It can exfiltrate credentials regarding the FileZilla XML configuration file.
  • It can collect files from the Favorites, Desktop, and Personal folders on the compromised host.
  • It can collect credentials and cookies linked to the Gecko Web browser.
  • It can gather the login credentials from the RDP (Remote Desktop Protocol).
  • It can collect Telegram chatting sessions.
  • It can collect the Discord token of the victim.

If you want to be safe from threats like the GrandSteal infostealer, make sure you download and install a reputable anti-malware tool and do not forget to update it regularly.


Most Viewed