Collector-stealer, a piece of malware of Russian origin, is widely used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. To help the industry guard against this threat, Aditya K Sood and Rohit Chaturvedi from the Advanced Threat Research Center of Excellence within F5's Office of the CTO present a 360-degree analysis of the Collector-stealer malware that unearths hidden artifacts, covering binary analysis, how the malware works, and the design of its associated C&C panels.
Collector-stealer has become quite pervasive in a relatively short time. Information stolen by the malware is generally sold through underground markets for nefarious purposes. Attackers primarily target European countries with Collector-stealer, but it also affects users in other countries such as the U.S.A., China, and Cambodia.
Here are some of the highlights and interesting characteristics of Collector-stealer uncovered through this analysis:
Collector-stealer gained popularity on underground forums because of its broad feature set. We have seen many users express interest in buying this malware, and some groups have even attempted to distribute a cracked version. The Russian group "Hack_Jopi" has sold Collector-stealer on forums since October 2018.
The complete research detailing analysis of this malware has been released in Virus Bulletin. Get the research paper expanding on the above and other findings by visiting: