The Nocturnal Stealer malware has crept into the Dark Web like a thief in the night, offering criminals a lucrative payday for a small price — and little effort.
It’s a commodity malware, debuting on an underground forum in March for the low price of $25. It steals things, including 28 different kinds of cryptocurrency wallets, saved FTP passwords within FileZilla, and Chrome and Firefox browser information (such as login credentials, cookies, web data, autofill data and stored credit cards). It also zips up system data, including IP address and language, machine ID, date/time, installation location, operating system, architecture, username, processor type, video card info and a list of all running processes, to send to the C2 server.
