Apart from the daily activity on the dark web, a new surface-level menace has emerged on the scene: the notorious “Nget Stealer.” This information stealer, operating under the radar as a fully undetectable (FUD) tool, has set its sights on cryptocurrency wallets, posing a risk to online privacy and financial security.
The Nget Stealer is currently being hosted at https://intrusion.lol/, which markets it as a “Discord C2 Stealer”. The website also links to a Discord server, which is currently down; visitors see the notification “This invite may be expired or you might not have permission to join”.
Breaking Down Nget Stealer, the New Information Stealer
Nget Stealer employs a stealthy approach, extracting sensitive data such as passwords and cookies from browser sessions and amplifying the potential for privacy breaches. What sets it apart is its reverse shell feature, which gives attackers versatile control over the infected host. That control extends beyond data extraction: Nget Stealer is capable of terminating critical processes, inducing the dreaded Blue Screen of Death (BSOD).
The malicious tool doesn’t stop there. It comes equipped with Auto Nitro Purchase (ANP) and Grab Gift Inventory Codes (GIG) features, heightening the potential for financial exploitation. The inclusion of encryption methods such as Fernet, AES, and CBC (Fernet itself is AES in CBC mode with an HMAC) for secure communication through webhooks adds another layer of sophistication to this cyber threat, since exfiltrated data is not readable in transit.
The individual responsible for Nget Stealer proudly boasts about its features, including a clean cmd builder with 20 layers of obfuscation, 15 layers of Fernet webhook encryption, and a fast response time without crashes. The builder also claims that the artifacts left behind by Nget are automatically cleaned up, demonstrating the tool’s ability to cover its tracks.
A Threat for Organizations, a Comfort for Cybercriminals
Nget Stealer’s compatibility is limited to Windows 10 and 11, with no version available for Mac users. The prerequisites for using this stealthy tool include Python 3.9 or lower, and it can reportedly be run on a virtual machine running Win10/11.
The danger posed by Nget Stealer is further exacerbated by its use of popular communication platforms like Discord and Telegram, which serve as its command and control (C2) channel. This signifies a growing trend among cybercriminals of exploiting widely used platforms for their malicious activities, where traffic to them blends in with legitimate use.
In light of this emerging threat, users are urged to exercise extreme caution and implement robust cybersecurity measures. Since these information stealers are sold on the surface-level internet, hackers or individuals with malicious intentions can easily obtain these tools for exploits and cyberattacks.
This is an ongoing story, and The Cyber Express is keeping a close watch on any developments in the Nget Stealer story. We’ll update this post once we have more information about this information stealer and how it operates.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.