Immortal Stealer

Immortal Stealer Description

Some cyber crooks develop hacking tools, which they never employ in campaigns themselves. The goal is to create a tool that other cybercriminals can purchase and utilize. This way, the creators of the hacking tool would not get involved in any criminal activity themselves but would still be making money. An example of this is the Immortal Stealer – a hacking tool that is available for purchase online. Advertisements promoting the Immortal Stealer utility have been spotted on the Dark Web, as well as several hacking forums.

Commodity malware, like the Immortal Stealer, is among the most unpredictable threats. This is because commodity malware is often distributed by many threat actors, who may use a range of propagation techniques and target different demographics. Both experienced cyber crooks and inexperienced actors can get access to the Immortal Stealer, which means that we are likely to see a wide variety of infection vectors used in the distribution campaigns.

The Immortal Stealer is a rather feature-rich infostealer. It is capable of collecting data from 24 different Web browsers, alongside instant messaging applications and other utilities. The information it is able to collect from Web browsers includes:

  • Cookies.
  • Saved payment information and credit card details.
  • Saved login credentials.
  • Autofill information.

The Immortal Stealer also goes after two popular instant messaging utilities, Discord and Telegram. It targets the Steam gaming platform and several other, lesser-known ones. It collects files from several launchers for the Minecraft video game: LavaCraft, VimeWorld, MinecraftOnly, and McSkill among others. However, this is not all. The Immortal Stealer also goes after the FileZilla FTP client, targeting two files, namely ‘sitemanager.xml’ and ‘recentservers.xml’. These two files are likely to contain important information regarding the FTP connections of the targeted user. And to top it all off, the Immortal Stealer also targets cryptocurrency funds by looking for a ‘wallet.dat’ file on the target’s system. This file is associated with a Bitcoin wallet service called Bitcoin-Qt.

When the Immortal Stealer infiltrates a computer, it will look for .doc, .docx, .txt, .sql, and .log files present on the desktop and some folders of the user. If any files that match these criteria are located, the Immortal Stealer would collect them in a folder and exfiltrate them to the C&C (Command & Control) server of its operators.
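The FileZilla and wallet files named above give defenders something concrete to watch. The following detection sketch is an added example, not part of the original article: it flags any process other than the expected owner that reads one of those files. The event format (dicts with `image` and `target`), the owner process names and the sample events are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Files the article names as targets, mapped to a category and to the
# process normally expected to open them (process names are assumptions).
WATCHLIST = {
    "sitemanager.xml": ("ftp", {"filezilla.exe"}),
    "recentservers.xml": ("ftp", {"filezilla.exe"}),
    "wallet.dat": ("wallet", {"bitcoin-qt.exe"}),
}

def flag_sensitive_reads(events):
    """Return {process image: sorted categories} for processes that read a
    watched file they do not own. Each event is a dict with 'image'
    (full path of the reading process) and 'target' (path of the file)."""
    hits = defaultdict(set)
    for ev in events:
        name = ntpath.basename(ev["target"]).lower()
        if name not in WATCHLIST:
            continue
        category, owners = WATCHLIST[name]
        if ntpath.basename(ev["image"]).lower() not in owners:
            hits[ev["image"].lower()].add(category)
    return {image: sorted(cats) for image, cats in hits.items()}

def severity(categories):
    """One category deserves a look; several unrelated stores read by the
    same process matches the broad collection the article describes."""
    return "high" if len(categories) > 1 else "medium"

# Constructed sample events, not taken from a real incident.
U = r"C:\Users\alice\AppData"
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     "target": U + r"\Roaming\FileZilla\sitemanager.xml"},
    {"image": U + r"\Local\Temp\update.exe",
     "target": U + r"\Roaming\FileZilla\sitemanager.xml"},
    {"image": U + r"\Local\Temp\update.exe",
     "target": U + r"\Roaming\Bitcoin\wallet.dat"},
    {"image": r"C:\Tools\backup.exe",
     "target": U + r"\Roaming\FileZilla\recentservers.xml"},
    {"image": r"C:\Windows\notepad.exe",
     "target": r"C:\Users\alice\Desktop\notes.txt"},
]

if __name__ == "__main__":
    for image, cats in flag_sensitive_reads(SAMPLE_EVENTS).items():
        print(severity(cats), image, cats)
```

Matching the owner by executable name alone can be defeated by a renamed binary, so a production rule should also pin the expected install path or code signer.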

The Immortal Stealer is a threat that should not be underestimated – it can be spread by numerous evil actors via various means. Make sure your PC is protected by a modern, reputable anti-malware application that will not allow threats like the Immortal Stealer to compromise your system.