The Jester Stealer is a potent infostealer malware that has been under active development by its creators and, in a short amount of time, has significantly expanded its invasive capabilities. According to the infosec researchers at Cyble Research, the threat has been offered for sale on underground hacker forums since at least July 2021. By the end of that year, the threat had been updated more than six times. A version from early 2022 boosted the threat's file transfer speeds and reduced runtime detections. Jester Stealer's creators offer multiple tiers, with the most basic one priced at $99 per month, while lifetime access can be purchased for $249. There is also a build pack that costs $999 for every three months of access.
At its core, the Jester Stealer is a .NET-based malware. Typically, it infects the targeted systems via phishing emails carrying a weaponized attachment. The corrupted file may be disguised as one of various legitimate file types, including txt, png, xls, pdf, mp3, mp4 and more. Before it becomes fully operational, the Jester Stealer checks the environment for signs of virtualization or sandboxes. It can detect the presence of VirtualBox, VMBox, and VMware, and will terminate its execution upon a positive match.
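A defender-side check for the disguised-attachment lure described above, as an added example that is not code from the original write-up or from the malware: it compares each attachment's declared extension with its leading bytes and flags PE content regardless of name. The signatures, attachment names and sample bytes are assumptions constructed for illustration.

```python
# Added example (not from the write-up or the malware): flag attachments whose
# declared extension does not match their content. All samples are constructed.

# Leading bytes for file types the write-up lists as disguises.
MAGIC = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "pdf": [b"%PDF-"],
    "mp3": [b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"],
    "xls": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],  # OLE2 compound document
}

def declared_extension(filename: str) -> str:
    """Lower-cased final extension of the name the attachment arrives with."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""

def looks_executable(data: bytes) -> bool:
    """Windows PE files (which a .NET stealer ships as) start with 'MZ'."""
    return data[:2] == b"MZ"

def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'executable', 'mismatch', 'ok' or 'unknown' for one attachment."""
    ext = declared_extension(filename)
    if looks_executable(data):
        return "executable"  # PE content, whatever the name claims
    if ext == "mp4":  # ISO media files carry 'ftyp' at offset 4, not 0
        return "ok" if data[4:8] == b"ftyp" else "mismatch"
    if ext == "txt":  # no magic; require valid UTF-8 with no NUL bytes
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return "mismatch"
        return "mismatch" if b"\x00" in data else "ok"
    if ext in MAGIC:
        return "ok" if any(data.startswith(m) for m in MAGIC[ext]) else "mismatch"
    return "unknown"  # extension we have no signature for

# Constructed sample attachments (byte strings made up for this example).
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56,  # PE renamed to .pdf
    "photo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "song.mp3": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,  # not an mp3 at all
    "notes.txt": b"Quarterly numbers attached.\r\n",
    "clip.mp4": b"\x00\x00\x00\x18ftypmp42",
}

def triage(samples: dict) -> dict:
    """Map each attachment name to its verdict; anything not 'ok' needs a look."""
    return {name: classify_attachment(name, data) for name, data in samples.items()}
```

Mail-gateway rules that only look at the extension would pass "invoice.pdf" here; the content check catches it.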
Once fully established on the machine, the threat can act as a stealer, crypto-miner, clipper and botnet client. It can target numerous applications and browsers to obtain sensitive private information. For example, the Jester Stealer can obtain passwords, credit card numbers, cookies, autofill information, and more from over 20 Web browsers. The threat can compromise several email clients, IM applications, crypto-wallets and password managers. Gaming and streaming applications can also be affected by the malware, since it is capable of accessing Steam sessions as well as Twitch and OBS profiles. In addition, the threat has been equipped with the ability to take arbitrary screenshots, collect network passwords and profiles, and harvest various details about the host system.
All collected data is copied into system memory, archived in a ZIP file and exfiltrated. Finally, the Jester Stealer deletes itself from the system to make the breach far more difficult to notice.