It is pertinent to mention that malware developers commonly improve upon their creators. ImBetter particularly targets cryptocurrency-related browser extensions ( full list) and aims to steal their credentials so as to gain control over the digital funds stored therein. From Web browsing apps, this stealer can obtain Internet cookies, stored log-in credentials (usernames/passwords), saved credit card numbers, etc. ImBetter is capable of extracting various data from browsers, specifically – Chromium-based browsers ( full list). Afterward, the program started gathering relevant device data, e.g., hardware ID, GPU, CPU, RAM, screen details, etc.
If the information did not match the language/region exclusion list, ImBetter took a screenshot of the infected system and sent it to the attackers. If the malicious program found that this data indicated Russian, Russian – Moldova, Bashkir, Belarusian, Kazakh, Tatar, or Yakut – the infection process ceased, and the malware terminated itself. The observed infection chain of ImBetter began with the malware acquiring data in order to determine the system language and region. ImBetter has been actively spread via malicious websites disguised as ones relating to cryptocurrency and those offering online file format conversion services. Stealers can extract a wide variety of sensitive information from systems and installed applications. ImBetter is the name of an information-stealing malware.
0 kommentar(er)
