
Nocturnal Stealer

By GoldSparrow in Stealers

PC security researchers are receiving reports of a data-stealing Trojan known as the Nocturnal Stealer. According to these reports, the Nocturnal Stealer is currently being distributed on Dark Web hacking forums. Criminals can purchase the Nocturnal Stealer for 1,500 Rubles (approximately 25 USD) and then use it as part of their own attacks. The Nocturnal Stealer has been around since at least March 2018. According to its specs, the Nocturnal Stealer is capable of collecting data from 22 different Web browser applications and can also target 28 different cryptocurrency wallets. The Nocturnal Stealer supports communications with its Command and Control server by using encryption and two-factor authentication, making it nearly impossible to intercept its communications or for PC security researchers to gain access to the Nocturnal Stealer's Command and Control server. The Nocturnal Stealer poses a significant threat to computer users' data, and it is important to take steps to safeguard any information, such as online account passwords, online banking passwords and cryptocurrency data.

As with Any Nocturnal Creature, the Nocturnal Stealer Attack is Scary

One of the reasons why the Nocturnal Stealer is particularly threatening is that it removes one of the barriers to entry for criminals interested in carrying out these attacks. A significant barrier for criminals was being able to afford data-collecting tools similar to the Nocturnal Stealer. The fact that the Nocturnal Stealer is readily available at such a low price is a real problem since it allows more potential criminals to carry out attacks. The Nocturnal Stealer is not particularly advanced when compared to other, similar threats, because there is no real obfuscation of the Nocturnal Stealer's code and it connects through unsecured channels. However, its adaptability to different attacks and its very low price mean that nearly anyone, regardless of their ability level or resources, has access to the means to collect data and launch a malware campaign capable of thwarting some anti-virus defenses.

How the Nocturnal Stealer Attack Works

The victims of the Nocturnal Stealer can be infected in several ways. The Nocturnal Stealer is delivered through a variety of methods, which may include other Trojans or threatening software downloads. The Nocturnal Stealer is written in C++ and is installed in a hidden folder on the victim's computer. Once installed, the Nocturnal Stealer connects to its Command and Control servers and relays information about the infected computer. The Nocturnal Stealer will then attempt to collect information from various applications, which may include Web browsers, FTP software, cryptocurrency wallets and numerous other sources. The Web browsers that the Nocturnal Stealer may affect include:

Chromium, Google Chrome, Kometa, Amigo, Torch, Orbitum, Opera, Comodo Dragon, Nichrome, Yandex Browser, Maxthon 5, Sputnik, Epic Privacy Browser, Vivaldi, CocCoc, Mozilla Firefox, Pale Moon, Waterfox, Cyberfox, BlackHawk, IceCat, K-Meleon.

The cryptocurrency wallets that the Nocturnal Stealer targets in its attack are:

Bitcoin Core, Ethereum, ElectrumLTC, Monero, Electrum, Exodus, Dash, Litecoin, ElectronCash, ZCash, MultiDoge, AnonCoin, BBQCoin, DevCoin, DigitalCoin, FlorinCoin, Franko, FreiCoin, GoldCoin, InfiniteCoin, IOCoin, IxCoin, MegaCoin, MinCoin, NameCoin, PrimeCoin, TerraCoin, YACoin.

The Nocturnal Stealer will export the collected data in the form of text files. Two text files are created, one named 'information.txt' and the other 'passwords.txt.' As their names indicate, different data types are stored in these files. The Nocturnal Stealer will upload these files to its Command and Control servers using a connection that is not encrypted, which allows PC security researchers to update security software to block connections associated with the Nocturnal Stealer. The best protection against the Nocturnal Stealer, as with most similar threats of this type, is to learn to recognize the tactics used to distribute the Nocturnal Stealer and to use an effective security program that is fully up-to-date.
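For host triage, the two export file names described above can be swept for directly. The following is an added example, not code from the original article or from any security product: it reports folders that hold both 'information.txt' and 'passwords.txt' and marks those sitting inside a hidden folder. It assumes the two files are written to the same folder, which the article does not state; the function names and the sample layout are constructed for illustration.

```python
import os
import stat

# The two export file names given in the article.
STAGED_NAMES = {"information.txt", "passwords.txt"}
# Constructed sample layout for the demo; not taken from a real infection.
SAMPLE_LAYOUT = {
    ".stage": ["information.txt", "Passwords.TXT"],  # hidden, both files
    "export": ["information.txt", "passwords.txt"],  # visible, both files
    "docs": ["information.txt", "readme.txt"],       # only one of the two
}


def is_hidden(path):
    """Hidden = dot-prefixed name, or the Windows hidden attribute is set."""
    if os.path.basename(path).startswith("."):
        return True
    try:
        attrs = getattr(os.stat(path), "st_file_attributes", 0)
    except OSError:
        return False
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2))


def inside_hidden(root, dirpath):
    """True if any folder below root on the way to dirpath is hidden."""
    rel = os.path.relpath(dirpath, root)
    parts = [p for p in rel.split(os.sep) if p != os.curdir]
    prefixes = (os.path.join(root, *parts[:i + 1]) for i in range(len(parts)))
    return any(is_hidden(prefix) for prefix in prefixes)


def find_staging_dirs(root):
    """Return sorted (directory, hidden) pairs that hold both export files."""
    hits = []
    # os.walk skips unreadable folders by default, so one ACL error
    # does not end the sweep. Names are compared case-insensitively.
    for dirpath, _dirs, files in os.walk(root):
        if STAGED_NAMES <= {name.lower() for name in files}:
            hits.append((dirpath, inside_hidden(root, dirpath)))
    return sorted(hits)


def build_sample_tree(base):
    """Write SAMPLE_LAYOUT under base so the sweep can be tried offline."""
    for folder, names in SAMPLE_LAYOUT.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            with open(os.path.join(base, folder, name), "w") as handle:
                handle.write("constructed sample\n")
```

Both file names are common, so a hit is a lead for review rather than a verdict; hits inside hidden folders deserve attention first.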

