New 'Chihuahua Stealer' Targets Browser Data and Crypto Wallets

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

A novel infostealer named Chihuahua Stealer has been detected, blending standard malware techniques with advanced features. This .NET-based malware employs a multi-stage PowerShell script infection process, utilizing Base64 encoding, hex-string obfuscation, and scheduled tasks for persistence. It targets browser data and cryptocurrency wallet extensions, extracting credentials, cookies, autofill data, browsing history, and payment information. The stolen data is compressed, encrypted using AES-GCM, and exfiltrated to an external server. The malware's sophisticated execution chain includes stealthy loading and a multi-staged payload, making it challenging to detect and analyze.

OPENCTI LABELS:

powershell, infostealer, .net, multi-stage infection, crypto wallets, browser data, chihuahua stealer, aes-gcm


Open in the NetmanageIT OpenCTI public instance with the link below. Use the public read-only username and password shown in the login page banner.


New 'Chihuahua Stealer' Targets Browser Data and Crypto Wallets