It uses multithreading to steal user data: it spawns more than 10 threads, so collection and exfiltration run faster. The stealer is packed with an unknown crypter, which makes debugging tedious.
In its current iteration, the stealer can target over 30 browsers and cryptocurrency applications, including cold crypto wallets and crypto-browser extensions.
Our investigation indicates that the stealer is an emerging threat, and we have observed multiple samples active in the wild. Although it appears to have been developed only recently, the Threat Actor(s) (TA) have already released an updated version, 1.3.4.
Multi-Threading Approach Used for Rapid Exfiltration

During our routine Threat-Hunting exercise, Cyble Research Labs came across a new stealer named “PennyWise” shared by a researcher.