LeakyInjector and LeakyStealer, a dangerous two-stage malware threat, explicitly target cryptocurrency wallets and personal browser information.
The malware duo works in tandem to steal sensitive data from infected Windows computers. The attack begins when LeakyInjector, the first stage, quietly injects a second malware, LeakyStealer, into the explorer.exe process.
This injection technique uses low-level Windows programming interfaces to avoid detection by security software. Once installed, LeakyStealer takes over and begins searching for cryptocurrency wallets and browser history files.
What Data Gets Stolen
According to Hybrid Analysis, LeakyStealer hunts for multiple popular cryptocurrency wallets, including Electrum, Exodus, Atomic, and Ledger Live.
It also targets browser-based crypto wallets like MetaMask, Phantom, Coinbase Wallet, and Trust Wallet.

Beyond crypto theft, the malware extracts browser history from Google Chrome, Microsoft Edge, Brave, Opera, and Vivaldi browsers.
The malware communicates with a command-and-control server to send stolen data back to the attackers.
It uses sophisticated techniques, such as a “polymorphic engine” that modifies its own memory at runtime to evade security detection tools.

Both malware stages are digitally signed with valid certificates, making them appear legitimate to Windows security systems.
The malware establishes persistence by copying itself as “MicrosoftEdgeUpdateCore.exe” and adding itself to Windows startup routines, ensuring it survives system restarts.
LeakyStealer regularly beacons to the attacker’s command server, sending back machine information such as hostname, username, and Windows version.
Attackers can then send remote commands to download and execute additional malware or run Windows system commands on your computer, as reported by Hybrid Analysis.
Users should immediately update security software and enable real-time monitoring. Avoid downloading software from untrusted websites, and be cautious of suspicious email attachments or links.

Consider using hardware cryptocurrency wallets rather than browser-based extensions for greater security.
Keep your operating system and browsers fully updated with the latest security patches to reduce vulnerability to such threats.
