A new information-stealing malware has been discovered that is capable of exfiltrating a large amount of sensitive information while also disabling antivirus products to create persistence on target endpoints.
CYFIRMA cybersecurity researchers have published a detailed investigation of the infostealer known as Yunit Stealer. Yunit Stealer employs JavaScript to include system utility and cryptography modules, enabling it to do activities such as system information retrieval, command execution, and HTTP queries. It persists on the target device by altering the registry, adding jobs via batch and VBScript, and, finally, by setting exclusions in Windows Defender.
When it comes to infostealing, Yunit is just as effective as any other malware. It can steal system information, browser data (passwords, cookies, autofill information, etc.), and bitcoin wallet information. In addition to passwords, it can keep credit card information that is kept in the browser.
Once the malware has gathered all of the data it deems useful, it will attempt to exfiltrate it via Discord webhooks or into a Telegram channel. It will also upload it to a remote site and provide a download link for future use. The URL will also include screenshots, allowing the threat actor to access the information while remaining anonymous and evading discovery. Accessing data using encrypted communication channels is also beneficial.
The fact that the Telegram channel was only established on August 31, 2024, and that it only has 12 subscribers, according to CYFIRMA, serves as further evidence that Yunit is a fledgling infostealer that has not yet proven its mettle. As an alternative, the Discord account isn't operational right now.
Prevention tips
Keep your systems updated: Regularly updating your operating system and software can help defend against known vulnerabilities that Yunit Stealer could exploit.
Use trustworthy antivirus software: While Yunit Stealer can disable some antivirus products, choosing a reputable and often updated security solution provides an extra degree of protection.
Avoid dubious links and downloads. Phishing attacks are frequently the starting point for malware infections. Use caution while opening email attachments or clicking on unexpected URLs.
Monitor your accounts: Check your online accounts on a regular basis for strange behaviour, particularly those that store sensitive data such as passwords and credit card information.