Malware

Clandestine BlankGrabber malware examined

Laptop screen showing malware warning sign with digital circuit background on desk in modern office environment with natural light and creative concept.

Windows systems have been more stealthily compromised by the BlankGrabber malware through the exploitation of a counterfeit certificate holder for multi-stage Rust and Python attack chain concealment, GBHackers News reports.

Attacks commence with the distribution of a Gofile.io-hosted batch script that enables the installation of a certificate data-spoofing Rust stager, which conducts anti-sandbox checks before decrypting and deploying a self-extracting SFX archive that contains XWorm and the BlankGrabber stealer, according to an analysis from Splunk's Threat Research Team.

After identifying virtual machines and security systems, BlankGrabber proceeds to leverage multiple commands for victim profiling, as well as enumerate saved Wi-Fi profiles before scouring Firefox and Chromium databases to compromise credentials, autofill information, and cryptocurrency wallet extensions, as well as target Telegram, Roblox, Discord, and Steam. Various Windows Defender protections have been deactivated by the infostealer, which also weaponizes registry-based UAC bypass to facilitate relaunches with escalated privileges and ensure persistence.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds