Taurus Stealer Description
Taurus Stealer is the name of a new infosteal that is offered as a commodity online. The authors of the Taurus Stealer appear to be offering this threat for $100, which makes the threat very accessible as the price is not set too high. According to cybersecurity experts, the Taurus Stealer creators are the same ones behind the 'Predator the Thief' threat. The Taurus Stealer is rather threatening not only because of its relatively low price but also because it is a fairly feature-rich threat. Recently, the Taurus Stealer has been distributed via phishing email campaigns such as the 'Google Pay' Email Virus.
The Taurus Stealer does not work in certain countries. The countries on the Taurus Stealer's blacklist all appear to be ex-Soviet states – Ukraine, Belarus, Moldova, Georgia, Armenia, Kazakhstan, Tajikistan, Uzbekistan and others. It is likely that the threat's authors consider these nations allies and prefer to avoid any campaigns targeting users from the aforementioned states.
In advertisements promoting the Taurus Stealer, the threat's developers claim that this infostealer can be used to obtain:
- Files associated with well-known cryptocurrency wallet software, including Jaxx, Atomic, Exodus, Electrum, Bytecoin and others.
- Sessions and logs associated with Telegram, Steam and Discord.
- Saved login credentials and cookies from Microsoft Edge and Internet Explorer.
- Login credentials for Microsoft Outlook, Pidgin and Foxmail.
- Skype chat sessions.
- Login credentials for FTP clients (for example, FileZilla).
- Login credentials for NordVPN.
The Taurus Stealer also targets Gecko-based Web browsers, like Mozilla Firefox, and Chromium-based browser such as Google Chrome. This threat is able to collect:
- Autofill information.
- Saved login credentials.
- Browsing history.
The Taurus Stealer is a threat that can collect a significant amount of information from its targets. To protect your data and your system, it is best to install a genuine, modern anti-virus software suite.