In addition to daily activity on the dark web, a new surface-web threat has emerged: the so-called “Nget Stealer”. This information stealer, operating under the radar as a fully undetectable (FUD) tool, has set its sights on cryptocurrency wallets, posing a risk to online privacy and financial security.
The Nget Stealer is currently hosted on https://intrusion.lol/, which markets it as a “Discord C2 Stealer”. The website also links to a Discord server, which is currently down with a notification saying: “This invitation may have expired or you may not be allowed to join.”
Dissecting Nget Stealer, the new information stealer
Nget Stealer uses a stealthy approach, extracting sensitive data such as passwords and browser session cookies, amplifying the potential for privacy violations. What sets it apart is its reverse shell feature, which gives attackers versatile control. This control extends beyond data extraction: Nget Stealer is capable of terminating critical processes, causing the dreaded blue screen of death (BSOD).
The malware tool doesn’t stop there: it is equipped with Auto Nitro Purchase (ANP) and Grab Gift Inventory Codes (GIG) features, increasing the potential for financial exploitation. The inclusion of advanced encryption methods such as Fernet, AES and CBC for secure communication via webhooks adds another layer of sophistication to this cyber threat.
The person responsible for Nget Stealer proudly boasts about its features, including a clean cmd generator with 20-layer obfuscation, 15-layer Fernet webhook encryption, and fast response times without crashes. The author guarantees that the traces left by Nget are automatically cleaned up, advertising the tool’s effectiveness and its ability to cover its tracks.
A threat to organizations, a comfort to cybercriminals
Nget Stealer compatibility is limited to Windows 10 and 11, with no version available for Mac users. The prerequisites for using this stealth tool include Python 3.9 or earlier, and it can optionally be run on a virtual machine running Win10/11.
The danger posed by Nget Stealer is further exacerbated by its presence on popular communication platforms like Discord and Telegram, where it uses them as a command and control (C2) channel. This signifies a growing trend among cybercriminals of exploiting widely used platforms for their malicious activities.
In light of this emerging threat, users are advised to exercise extreme caution and implement robust cybersecurity measures. Since these information stealers are openly available on the surface web, hackers or individuals with malicious intent can obtain these tools and use them in cyber attacks.
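Two of the article’s claims give defenders something concrete to look for: the use of Discord and Telegram as a C2 channel, and Fernet-encrypted webhook payloads. The following is an added example, not code from the article or from the malware, that runs a simple detector over constructed egress-proxy log lines; the log format, the process allow-list and the sample URLs are assumptions for illustration. The one solid fact it relies on is that a Fernet token begins with version byte 0x80, which base64url-encodes to the prefix `gAAAAA`.

```python
import base64
import re
from urllib.parse import urlparse

# Constructed sample log lines: "<process> <method> <url> <body-prefix>".
# Illustrative only; these are not captured Nget Stealer traffic.
SAMPLE_LOG = """\
chrome.exe GET https://discord.com/channels/@me -
svchost.exe POST https://discord.com/api/webhooks/123456789/AbCdEf gAAAAABl8x2Q9ZfT
python.exe POST https://api.telegram.org/bot123456:ABC-DEF/sendDocument {"chat_id":"1"}
outlook.exe POST https://outlook.office.com/api/v2.0/me/sendmail {"Message":{}}
"""

# Chat-platform endpoints that a stealer can abuse as a drop-off / C2 channel.
C2_PATTERNS = [
    (re.compile(r"^discord(app)?\.com$"), "/api/webhooks/"),
    (re.compile(r"^api\.telegram\.org$"), "/bot"),
]

# Assumed allow-list of processes expected to talk to those hosts at all.
EXPECTED_CLIENTS = {"chrome.exe", "firefox.exe", "msedge.exe", "discord.exe", "telegram.exe"}


def looks_like_fernet_token(blob: str) -> bool:
    """Fernet version byte 0x80 base64url-encodes to 'gAAAAA'; beyond that
    prefix a token is indistinguishable from random data, so this is a heuristic."""
    if not blob.startswith("gAAAAA"):
        return False
    try:
        base64.urlsafe_b64decode(blob + "=" * (-len(blob) % 4))
    except ValueError:
        return False
    return True


def flag_c2_candidates(log_text: str):
    """Return (process, url, reasons) for lines hitting a webhook/bot endpoint,
    from a process not on the allow-list, or carrying a Fernet-shaped body."""
    hits = []
    for line in log_text.splitlines():
        process, method, url, body = line.split(" ", 3)
        parsed = urlparse(url)
        reasons = []
        for host_re, path_prefix in C2_PATTERNS:
            if host_re.match(parsed.hostname or "") and parsed.path.startswith(path_prefix):
                reasons.append("chat-platform webhook/bot endpoint")
                if process.lower() not in EXPECTED_CLIENTS:
                    reasons.append(f"unexpected client process {process}")
        if method == "POST" and looks_like_fernet_token(body):
            reasons.append("body has Fernet token prefix (gAAAAA)")
        if reasons:
            hits.append((process, url, reasons))
    return hits
```

Run against the sample, the detector flags the `svchost.exe` webhook POST with a Fernet-shaped body and the `python.exe` Telegram bot call, while ordinary browser and mail traffic passes.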
This is an ongoing story and The Cyber Express is closely monitoring any developments in the Nget Stealer story. We will update this article once we have more information about this information stealer and how it works.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only and users take full responsibility for their reliance on it. The Cyber Express assumes no responsibility for the accuracy or consequences of the use of this information.