As per Juniper Networks, it also steals: PC and system information, credit card browser data, browser passwords, installed software and processes, desktop files, screenshot of desktop, browser cookies, steam files, AutoFill browser fields, Discord and Telegram data, and FileZilla files.
The program dumps this information to the malware controller’s Telegram account, ensuring relative security for the data it steals. It can clip and change Monero, Litecoin, Zcash, Dash, and Ethereum addresses automatically and uses special search functions to pinpoint these addresses on one’s clipboard. Once it swaps the addresses it can intercept crypto as its being sent to legitimate wallets.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now