TroyStealer

TroyStealer Description

The TroyStealer threat is a recently uncovered piece of malware whose goal is to collect information from its targets. Threats like the TroyStealer malware are usually rather silent to avoid attracting the attention of the victim. When the TroyStealer malware is active on a targeted system, it gathers data and transfers it to the attackers over the SMTP protocol, sending an email that contains the collected data as an attached file. Some other infostealers transfer data over an HTTP connection rather than email.

According to malware experts, the TroyStealer threat appears to mainly target users in Portugal. However, this does not mean that the TroyStealer malware operators will not opt to target a different region in future campaigns. The targeted users receive a bogus email that claims to be sent by their bank. The fraudulent email claims to contain important information that needs immediate review. TroyStealer malware operators have chosen to mention 'a bank account issue' to bait users into opening and reviewing the corrupted file attached to the phishing email.

The TroyStealer threat is designed to target specific data, which is considered to be valuable. This infostealer will go after:

  • Paltalk (an instant messaging application) login credentials.
  • Login credentials from the email client.
  • Contacts list from the email client.
  • A directory containing data regarding the security applications present on the host.

The TroyStealer threat can also be used to deploy a keylogging module, which can collect the victim's keystrokes and thus obtain more data. This threat is also able to obtain data regarding the hardware and software of the compromised host. TroyStealer also deletes Web browser files, but the purpose of this feature is not yet known.

The TroyStealer malware is a stealthy threat that may remain unnoticed over prolonged periods while collecting and exfiltrating important documents, passwords, personal data, etc. Ensure that your machine is protected by trustworthy, up-to-date anti-spyware software, which will protect your system and ensure data safety.
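
A defender-side check for the SMTP exfiltration described above, as an added example that is not part of the original write-up: it flags outbound SMTP connections made by processes that are not expected mail clients. The CSV log layout, host names, process paths and allowlist are constructed assumptions, not TroyStealer indicators.

```python
import csv
import io

SMTP_PORTS = {25, 465, 587}  # SMTP, SMTPS, mail submission

# Assumption: the only programs expected to send mail from workstations.
ALLOWED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# Assumption: legitimate mail clients are installed under these directories.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample records: time, host, process image, destination IP, port.
SAMPLE_LOG = r"""
2020-01-01T09:00:01Z,WS-01,C:\Program Files\Mozilla Thunderbird\thunderbird.exe,192.0.2.10,587
2020-01-01T09:02:13Z,WS-02,C:\Users\ana\AppData\Local\Temp\doc_viewer.exe,198.51.100.7,587
2020-01-01T09:02:20Z,WS-02,C:\Program Files\Browser\browser.exe,203.0.113.5,443
2020-01-01T09:05:44Z,WS-03,C:\Users\rui\AppData\Roaming\outlook.exe,198.51.100.7,465
truncated,line
"""


def find_unexpected_smtp(log_text, allowed=ALLOWED_MAIL_CLIENTS):
    """Return (host, image, destination, reason) for suspicious SMTP egress."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        _ts, host, image, dst_ip, dst_port = (field.strip() for field in row)
        if not dst_port.isdigit() or int(dst_port) not in SMTP_PORTS:
            continue  # not mail traffic
        name = image.rsplit("\\", 1)[-1].lower()
        if name not in allowed:
            reason = "process is not an expected mail client"
        elif not image.lower().startswith(TRUSTED_DIRS):
            # A mail-client name running from a user-writable path is suspect.
            reason = "mail client name outside trusted install directory"
        else:
            continue
        findings.append((host, image, f"{dst_ip}:{dst_port}", reason))
    return findings


if __name__ == "__main__":
    for finding in find_unexpected_smtp(SAMPLE_LOG):
        print(" | ".join(finding))
```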