SapphireStealer malware gains traction
More threat actors have been leveraging the leaked source code of open-source information-stealing malware SapphireStealer to develop improved versions of the malware, according to The Hacker News.
Other iterations of SapphireStealer discovered in the wild had flexible data theft capabilities facilitated by the Telegram API or a Discord webhook and allowed stealthier operations, a Cisco Talos report showed.
SapphireStealer has also been distributed through the FUD-Loader malware loader, which, like the information stealer, is .NET-based. Researchers noted that attackers have already used FUD-Loader to deploy the Agent Tesla, njRAT, DCRAT, and DarkComet remote administration tools.
Such findings follow a Zscaler report detailing the Agniane Stealer, which could exfiltrate data not only from Telegram, Discord, and file transfer tools but also from 10 cryptocurrency wallets and more than 70 cryptocurrency extensions.
"The threat actors responsible for Agniane Stealer utilize packers to maintain and regularly update the malware's functionality and evasion features," said Zscaler researcher Mallikarjun Piddannavar.