The newly emerged Shuyal Stealer malware can steal login credentials from 19 different web browsers, including Google Chrome, Microsoft Edge, Opera and Opera GX, Epic, Waterfox, Vivaldi, and Yandex, GBHackers News reports.
Malicious websites and phishing emails have been used to deploy Shuyal Stealer, according to researchers at Point Wild's Lat61 Threat Intelligence Team. The malware runs a targeted SQL query against the SQLite databases in which browsers store saved logins to extract usernames and passwords from more than a dozen browsers, and it also calls multiple APIs and functions to capture clipboard text and Discord tokens. Shuyal Stealer additionally runs Windows Management Instrumentation commands to perform reconnaissance on the host, which supports tailored follow-on attacks. The researchers further found that the infostealer exfiltrates stolen data through the Telegram API and quietly copies itself to a startup location so that it persists across reboots.
Organizations affected by Shuyal Stealer have been advised to use specialized removal tooling, reboot into Safe Mode with Networking, and manually delete the malicious files placed in the Startup folder in order to remove Shuyal Stealer. Auditing command-line logs and restricting the script execution policy are also necessary to prevent exfiltration via PowerShell, the researchers added.
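As an added illustration of the triage steps the researchers recommend (this is not the article's or Point Wild's own tooling), the following PowerShell script inventories the Startup folders, shows the execution policy at each scope, and searches process-creation events for command lines that reference the Telegram Bot API host or SQLite database access. It assumes an administrator session on the suspect host, Windows command-line process auditing (Event ID 4688) enabled, and that api.telegram.org is the exfiltration endpoint, which the article does not name explicitly.

```powershell
# Added defender-side triage example; not code from the article or the researchers.
# Assumptions: run as administrator, Security log auditing of process creation
# (Event ID 4688) with command-line logging enabled. Reports only; removes nothing.

# 1. List every file in the per-user and all-users Startup folders, the
#    persistence location the report says must be cleaned manually.
$startupPaths = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($path in $startupPaths) {
    Write-Host "Startup folder: $path"
    Get-ChildItem -Path $path -File -ErrorAction SilentlyContinue |
        Select-Object Name, Length, CreationTime, LastWriteTime |
        Format-Table -AutoSize
}

# 2. Show the script execution policy at every scope, since the report
#    recommends restricting it to limit PowerShell-based exfiltration.
Get-ExecutionPolicy -List

# 3. Hunt process-creation events whose command line references the Telegram
#    API host (assumed exfiltration endpoint) or SQLite database access.
#    Properties[8] is the CommandLine field of a 4688 event.
$patterns = @('api\.telegram\.org', 'sqlite')
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -ErrorAction SilentlyContinue |
    Where-Object {
        $cmd = $_.Properties[8].Value
        $cmd -and ($patterns | Where-Object { $cmd -match $_ })
    } |
    Select-Object TimeCreated, @{ n = 'CommandLine'; e = { $_.Properties[8].Value } } |
    Format-Table -Wrap
```

Any hit in step 3 or an unexpected executable in step 1 is a lead for the analyst, not a verdict; confirm against the host's known software before removal.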
Extensive browser targeting conducted by novel Shuyal Stealer malware
