Malware
Popular web browsers subjected to Katz Stealer compromise
Widely used web browsers Google Chrome, Microsoft Edge, Mozilla Firefox, and Brave are having their stored passwords, cookies, and session tokens targeted for exfiltration by the new Katz Stealer malware-as-a-service, according to GBHackers News.
Attacks begin with the distribution of GZIP archives containing malicious JavaScript, which runs a PowerShell script that fetches a .NET-based loader; the loader uses process hollowing to install Katz Stealer stealthily inside MSBuild and other legitimate processes, according to a report from Nextron Systems' Threat Research Team. Beyond its bypass techniques, which include checking screen resolution to detect sandboxes and abusing Windows utilities for privilege escalation, Katz Stealer can inject additional payloads into browser processes before stealing Wi-Fi credentials, VPN configuration files, Ngrok tokens, and cryptocurrency from a wide range of wallets. Organizations have been urged to mitigate the threat by watching for "katz-ontop" and other suspicious User-Agent strings in their network traffic, and by monitoring for atypical process behavior and unusual temporary files.
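The network-side detection advice above (watch for "katz-ontop" and other suspicious User-Agent strings) can be turned into a simple proxy-log sweep. The following is an added example, not code from SC Media, GBHackers, or Nextron; the log format, the sample lines (client addresses, URLs, timestamps) and the "non-browser User-Agent" heuristic are all constructed assumptions for illustration, while the "katz-ontop" substring is the indicator named in the report.

```python
import re
from dataclasses import dataclass

# Indicator named in the Nextron report; match is case-insensitive.
KNOWN_BAD_UA_SUBSTRINGS = ("katz-ontop",)

# Constructed proxy log (not real traffic). Assumed format per line:
#   <timestamp> <client-ip> <method> <url> <status> "<user-agent>"
SAMPLE_LOG = """\
2025-05-20T10:01:02Z 10.0.0.15 GET http://example.test/index.html 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0 Safari/537.36"
2025-05-20T10:01:07Z 10.0.0.15 POST http://203.0.113.9/upload 200 "katz-ontop"
2025-05-20T10:02:11Z 10.0.0.22 GET http://example.test/update.json 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/126.0"
2025-05-20T10:03:45Z 10.0.0.31 GET http://198.51.100.7/gate.php 200 "Katz-OnTop/1.0"
2025-05-20T10:04:00Z 10.0.0.31 POST http://198.51.100.7/gate.php 200 "curl/8.4.0"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


@dataclass
class Finding:
    ts: str
    client: str
    url: str
    user_agent: str
    reason: str


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match the assumed format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def classify_user_agent(ua):
    """Return a reason string if the User-Agent is suspicious, else None."""
    lowered = ua.lower()
    for bad in KNOWN_BAD_UA_SUBSTRINGS:
        if bad in lowered:
            return "known-bad: " + bad
    # Heuristic (assumption, tune per environment): mainstream browsers send a
    # "Mozilla/" prefixed User-Agent, so anything else from a workstation is
    # worth a second look rather than an automatic block.
    if not lowered.startswith("mozilla/"):
        return "non-browser user-agent"
    return None


def scan_proxy_log(text):
    """Scan a whole log and return a list of Finding records for suspicious lines."""
    findings = []
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # malformed line: skip rather than crash the sweep
        reason = classify_user_agent(rec["ua"])
        if reason:
            findings.append(Finding(rec["ts"], rec["client"], rec["url"], rec["ua"], reason))
    return findings


def clients_with_known_bad(findings):
    """Hosts that sent a known-bad indicator; these are the ones to triage first."""
    return sorted({f.client for f in findings if f.reason.startswith("known-bad")})


if __name__ == "__main__":
    for f in scan_proxy_log(SAMPLE_LOG):
        print(f"{f.ts} {f.client} -> {f.url} [{f.reason}] UA={f.user_agent!r}")
    print("triage first:", clients_with_known_bad(scan_proxy_log(SAMPLE_LOG)))
```

The known-bad match is the only high-confidence signal here; the non-browser heuristic will also flag legitimate tooling such as package managers and update agents, so it belongs in a hunting query or a low-severity alert, not a block rule. Pairing the network hit with the endpoint-side signals the report describes (MSBuild or other hollowed processes making outbound connections, unexpected temporary files) is what turns a suspicious User-Agent into a confirmed infection.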