
"SEA is a feature that allows Node.js applications to be packaged and distributed as a standalone executable, even on systems without Node.js installed. 'Both approaches are effective for distributing Node.js-based malware, as they allow execution without requiring a pre-installed Node.js runtime or additional dependencies,' security researchers Eduardo Altares and Joie Salvio said in a report shared with The Hacker News."
"On a dedicated website, the threat actors behind Stealit claim to offer 'professional data extraction solutions' via several subscription plans. This includes a remote access trojan (RAT) that supports file extraction, webcam control, live screen monitoring, and ransomware deployment targeting both Android and Windows operating systems. Prices for the Windows Stealer range from $29.99 for a weekly subscription to $499.99 for a lifetime license."
Stealit is an active malware campaign that uses Node.js Single Executable Application (SEA) packaging and, in some variants, the Electron framework to deliver payloads without requiring a pre-installed Node.js runtime. The malware is distributed via counterfeit installers for games and VPN applications uploaded to file-sharing services such as Mediafire and Discord. Fake executables run installers that retrieve components from a command-and-control server, perform anti-analysis checks, and install malicious modules. The installer writes a Base64-encoded 12-character alphanumeric authentication key to %temp%\cache.json to authenticate with the C2. Threat actors offer subscription-based RAT services with tiered pricing and capabilities including file extraction, webcam control, live screen monitoring, and ransomware deployment for Windows and Android.
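A host-triage check for the `%temp%\cache.json` artifact described above, as an added example that is not code from the report or from The Hacker News. The summary does not give the file's layout, so the sketch assumes the key may appear either as the raw file content or as any string value in a JSON document; the field name `key` and all sample values are constructed.

```python
import base64, binascii, json, re, tempfile
from pathlib import Path

B64_16 = re.compile(r"[A-Za-z0-9+/]{16}")   # 12 bytes encode to 16 chars, no padding
KEY_12 = re.compile(r"[A-Za-z0-9]{12}")

def decode_key(token):
    """Return the decoded key if token is Base64 of 12 alphanumerics, else None."""
    token = token.strip()
    if not B64_16.fullmatch(token):
        return None
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if KEY_12.fullmatch(text) else None

def iter_strings(node):
    """Yield every string value in a parsed JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for value in (node.values() if isinstance(node, dict) else node):
            yield from iter_strings(value)

def find_keys(content):
    """Scan cache.json text; the layout is assumed, so try JSON, then raw text."""
    try:
        candidates = list(iter_strings(json.loads(content)))
    except json.JSONDecodeError:
        candidates = [content]
    return [key for key in map(decode_key, candidates) if key]

# Constructed samples (not taken from any real infection).
SAMPLE_KEY = "aB3dE5gH7jK9"
SAMPLE_B64 = base64.b64encode(SAMPLE_KEY.encode()).decode()
SAMPLE_JSON = json.dumps({"key": SAMPLE_B64})          # hypothetical field name
SAMPLE_BENIGN = json.dumps({"theme": "dark", "pad": "AAAAAAAAAAAAAAAA"})

if __name__ == "__main__":
    path = Path(tempfile.gettempdir()) / "cache.json"  # %temp%\cache.json on Windows
    if path.is_file():
        hits = find_keys(path.read_text(errors="replace"))
        print(f"{path}: {len(hits)} key-shaped value(s); investigate" if hits
              else f"{path}: present, no key-shaped value")
    else:
        print(f"{path}: not present")
```

`cache.json` is a generic file name, so a hit is a lead to correlate with process and network telemetry rather than a verdict on its own.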
Read at The Hacker News