Among the stealers that Cisco Talos Intelligence Group has observed, the #SapphireStealer is a new one that appears to focus on browser credential theft with its straightforward techniques. It is capable of gathering host information, screenshots, cached browser credentials, and files stored on the system. It then creates its own directory, stores credentials in a passwords.txt file along with the screenshots, then zips all the data up and exfiltrates it using Simple Mail Transfer Protocol (SMTP). PLUS, as an added bonus, the research team observed some operational security (OPSEC) failures by the adversary which led to some personal accounts that could be associated with the threat actor! Enjoy and Happy Hunting!
SapphireStealer: Open-source information stealer enables credential and data theft
https://blog.talosintelligence.com/sapphirestealer-goes-open-source/
#CyberSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
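The chain summarised in the post above (credential file and screenshots written to a staging directory, zipped, then sent out over SMTP) lends itself to a simple correlation rule. The following is an added example, not code from the Talos report; the event shape, process names and sample telemetry are constructed for illustration.

```python
# Added example (constructed): correlate endpoint events into the
# "stage credentials -> zip -> SMTP exfil" chain described in the post.
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}

# Constructed sample telemetry: (process, event_type, detail).
# "updater.exe" is a made-up unsigned process acting like the stealer.
SAMPLE_EVENTS = [
    ("outlook.exe", "net_connect", "smtp.office365.com:587"),
    ("updater.exe", "file_write", "C:\\Users\\u\\AppData\\Local\\x\\passwords.txt"),
    ("updater.exe", "file_write", "C:\\Users\\u\\AppData\\Local\\x\\screen1.png"),
    ("updater.exe", "file_write", "C:\\Users\\u\\AppData\\Local\\x\\report.zip"),
    ("updater.exe", "net_connect", "smtp.gmail.com:587"),
    ("explorer.exe", "file_write", "C:\\Users\\u\\Documents\\notes.txt"),
]


def stage_of(event_type, detail):
    """Map a single event to a stage of the chain, or None if irrelevant."""
    d = detail.lower()
    if event_type == "file_write":
        if d.endswith("passwords.txt"):
            return "credentials"
        if d.endswith((".png", ".jpg", ".bmp")):
            return "screenshot"
        if d.endswith(".zip"):
            return "archive"
    elif event_type == "net_connect":
        _host, _, port = detail.rpartition(":")
        if port.isdigit() and int(port) in SMTP_PORTS:
            return "smtp"
    return None


def find_smtp_exfil_chains(events, mail_clients=("outlook.exe", "thunderbird.exe")):
    """Return processes that staged credentials, built an archive and then
    opened an SMTP connection, excluding known mail clients (allow-list)."""
    stages = defaultdict(set)
    for proc, etype, detail in events:
        stage = stage_of(etype, detail)
        if stage:
            stages[proc].add(stage)
    required = {"credentials", "archive", "smtp"}
    return sorted(p for p, seen in stages.items()
                  if required <= seen and p.lower() not in mail_clients)
```

The allow-list is the weak point of such a rule: a stealer injected into a real mail client would pass, so pair it with process-integrity signals in production.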
SecurityAffairs: Talos warns of customizations of the open-source info stealer SapphireStealer https://securityaffairs.com/150227/cyber-crime/open-source-info-stealer-sapphirestealer.html #informationsecuritynews #ITInformationSecurity #PierluigiPaganini #SapphireStealer #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #infostealer #CyberCrime #Cybercrime #Malware #Hacking #malware
Cisco Talos found hackers are modifying the open-source code of SapphireStealer, adding tools and functions that make it easier to steal data.
https://therecord.media/saphirestealer-open-source-malware-modifications