Bandit Stealer: A New Malware Targeting Crypto Wallets And Web Browsers

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Cybersecurity researchers have discovered Bandit Stealer, a malware that can target multiple web browsers and cryptocurrency wallets. At present, its focus is Windows, but the malware has the potential to target other platforms because it is based on the versatile Go programming language, reports Trend Micro.

To infect a Windows device, it uses runas.exe, a command-line utility that allows users to execute programs as another user with different permissions. This helps it gain administrative access, bypassing security measures, to collect the user’s personal data.

However, the malware has been failing in its attempt to use this tool. Microsoft’s strict access control mitigation prevents unauthorized use of this function, as appropriate credentials are required to execute administrative-level actions. “Bandit Stealer is not successful in utilizing it because they need to provide the appropriate credentials,” stated Trend Micro.

Bandit Stealer checks whether it is running in a sandbox, test, or virtual environment. For this, it downloads a blacklist that contains hardware IDs, IP addresses, MAC addresses, usernames, hostnames, and process names. Once this check is complete, the malware terminates the blacklisted processes associated with anti-malware solutions, which helps it avoid detection on an infected machine.

The malware also establishes persistence by creating a registry entry for autorun in Windows. With this modification in place, Bandit Stealer starts collecting sensitive personal data from the targeted system, including IP location, system configuration, country code, and stored financial information from browsers and crypto wallets. It can also access the user’s Telegram account to perform malicious activities such as impersonation.

Users can download this malware through attachments in phishing emails, through fake installers, or by visiting malicious websites.

Researchers at Trend Micro have not associated any threat group with this malware on account of “its recent emergence and limited data on its operation”. However, they believe that threat actors can use this malware to carry out identity theft, data breaches, and other malicious activities.

Data Breach: MCNA Reveals 8.9 Million Customers Impacted by Ransomware Attack

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Managed Care of North America (MCNA) Dental announced that it has experienced a data breach in which unknown hackers infiltrated its network and stole the personal data of 8,923,662 customers.

  • First and last name, address, date of birth, phone number, email
  • Social Security number
  • Driver’s license number/other government-issued ID number
  • Health insurance details
  • Dental care records
  • Bills and insurance claims

Moreover, the notice submitted to the Maine Attorney General’s Office stated that the breach also involved information of some parents, guardians, or guarantors (bill payers). It further went on to say, “Information which was seen and taken was not the same for everyone.”

MCNA claims that it has taken appropriate remedial measures to mitigate the risk and deployed better security measures to avoid similar incidents in the future. It also contacted law enforcement authorities to avoid any misuse of stolen information. Additionally, MCNA is offering 12 months of free identity theft protection and credit monitoring service through IDX to affected customers.

The organization also stated that, as it does not have contact information for all the affected customers, a substitute notice was issued on the IDX website. The notice would be active for 90 days.

MCNA did not release any details about the threat actors; however, ransomware group LockBit claimed responsibility for the attack. After not being paid the ransom of $10 million, the gang published the 700GB of stolen data on their website.

As both personal and financial data is now available to other threat actors, MCNA has advised affected customers to be cautious and protect themselves against phishing and identity theft attempts.