A recent outbreak of CopperStealer malware, which is also referred to as Mingloa, has been observed stealing sensitive and personal information, including log-in credentials from Amazon, Google, Apple and Facebook accounts.
CopperStealer is currently active in Brazil, Indonesia, Pakistan and India, among other countries, and is being spread via websites that offer illegal activation tools or “cracks” for licensed software. Researchers at Proofpoint believe that this current incarnation of CopperStealer is a variation of code within the SilentFade malware family, as both exhibit some of the same targeting and delivery methods.
CopperStealer Scans Saved Passwords in Web Browsers
CopperStealer works by preying on computer users looking to save money by downloading cracked software or an illegal key generation program. As legitimate software often requires a product key to upload and run, victims are led to believe that they have caught a lucky break by getting to use costly software without having to pay for it. But they learn quickly that in an online world full of hackers, nothing is truly free.
Instead of, or in addition to, the useful program they coveted, their computer is infected with CopperStealer. The malware runs in the background and searches the victim’s web browsers for saved login credentials. According to researchers, Chrome, Edge, Yandex, Opera and Firefox browsers are specifically searched by CopperStealer to retrieve Facebook and Instagram credentials. Also at risk could be Apple, Amazon, Bing, Google, PayPal, Tumblr and Twitter credentials.
If these accounts are breached, hackers might obtain credit card information and then proceed to make unauthorized purchases. Although users of these platforms can potentially be victimized, enabling the use of “Two Factor Authentication” (or 2FA) can protect your account even in the event that your password is stolen.
CopperStealer also uses a “downloader” function that could permit the infection to install additional malware, such as keyloggers, ransomware or potentially unwanted programs (PUPs), on the victim’s computer.
This new outbreak serves as a reminder to avoid shortcuts in obtaining software programs and to employ 2FA and other security measures for all your accounts and apps.