LeakyInjector and LeakyStealer Malware Attack Users to Steal...
LeakyInjector and LeakyStealer form a dangerous two-stage malware threat that explicitly targets cryptocurrency wallets and personal browser information.
The malware duo works in tandem to steal sensitive data from infected Windows computers. The attack begins when LeakyInjector, the first stage, quietly injects a second malware, LeakyStealer, into the explorer.exe process.
This injection technique uses low-level Windows programming interfaces to avoid detection by security software. Once installed, LeakyStealer takes over and begins searching for cryptocurrency wallets and browser history files.
According to Hybrid Analysis, LeakyStealer hunts for multiple popular cryptocurrency wallets, including Electrum, Exodus, Atomic, and Ledger Live.
It also targets browser-based crypto wallets like MetaMask, Phantom, Coinbase Wallet, and Trust Wallet.
Beyond crypto theft, the malware extracts browser history from Google Chrome, Microsoft Edge, Brave, Opera, and Vivaldi browsers.
The malware communicates with a command-and-control server to send stolen data back to the attackers.
It uses sophisticated techniques, such as a “polymorphic engine” that modifies its own memory at runtime to evade security detection tools.
Both malware stages are digitally signed with valid certificates, making them appear legitimate to Windows security systems.
The malware establishes persistence by copying itself as “MicrosoftEdgeUpdateCore.exe” and adding itself to Windows startup routines, ensuring it survives system restarts.
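The persistence file name is the one indicator in this report that a defender can hunt for directly. The following is an added example, not code from the article or from the analysts it cites: it triages constructed Windows autorun entries and flags the reported filename, an Edge-updater lookalike running outside the normal Edge update directory (that directory path and the list of user-writable folders are assumptions), or a Microsoft-branded binary started from a user-writable path.

```python
"""Triage Windows autorun entries for the LeakyInjector persistence artefact.

Added example. The only value taken from the report is the filename
MicrosoftEdgeUpdateCore.exe; directories and sample entries are assumptions.
"""
from pathlib import PureWindowsPath

# Filename the report says the malware copies itself as.
SUSPECT_NAMES = {"microsoftedgeupdatecore.exe"}
# Directories a standard user can write to (assumption: typical profile layout).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")
# Where the genuine Edge updater normally lives (assumption, not from the report).
LEGIT_UPDATER_DIRS = ("\\program files (x86)\\microsoft\\edgeupdate\\",
                      "\\program files\\microsoft\\edgeupdate\\")


def image_path(command: str) -> str:
    """Extract the executable path from a Run-key style command line.

    Quoted paths are honoured; an unquoted path is cut at the first space,
    which is the same ambiguity Windows itself has to resolve.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def classify(entry: dict) -> list:
    """Return the reasons an autorun entry looks suspicious (empty list = clean)."""
    lower = image_path(entry["command"]).lower().replace("/", "\\")
    name = PureWindowsPath(lower).name
    reasons = []
    if name in SUSPECT_NAMES:
        reasons.append("filename matches the LeakyInjector persistence artefact")
    if "edgeupdate" in name and not any(d in lower for d in LEGIT_UPDATER_DIRS):
        reasons.append("Edge-updater lookalike outside the Edge update directory")
    if name.startswith("microsoft") and any(d in lower for d in USER_WRITABLE):
        reasons.append("Microsoft-branded binary launched from a user-writable path")
    return reasons


def scan(entries: list) -> list:
    """Return only the entries that triggered at least one rule, with their reasons."""
    return [dict(entry, reasons=classify(entry)) for entry in entries if classify(entry)]


# Constructed sample entries (not real telemetry): one malicious, three benign.
SAMPLE_AUTORUNS = [
    {"source": "HKCU\\...\\Run", "name": "EdgeUpdate",
     "command": '"C:\\Users\\alice\\AppData\\Roaming\\MicrosoftEdgeUpdateCore.exe" /silent'},
    {"source": "HKLM\\...\\Run", "name": "SecurityHealth",
     "command": "C:\\Windows\\System32\\SecurityHealthSystray.exe"},
    {"source": "Startup folder", "name": "OneDrive",
     "command": '"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background'},
    {"source": "HKLM\\...\\Run", "name": "EdgeUpdate",
     "command": '"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\MicrosoftEdgeUpdate.exe" /c'},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_AUTORUNS):
        print(hit["source"], hit["name"], "->", "; ".join(hit["reasons"]))
```

On a live host the entries would come from the HKCU/HKLM Run keys and the per-user Startup folder; the rules are deliberately narrow so the genuine updater in its own directory does not fire.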
Source: Cybersecurity News