FortiGuard Labs is aware of a report that a new infostealer malware dubbed “WhiteSnake” is being sold in underground forums as a Malware-as-a-Service (MaaS) offering. WhiteSnake comes in Windows and Linux versions and is capable of stealing information from popular Web browsers and apps installed on compromised machines, as well as from crypto wallets.

Why is this Significant?

This is significant because WhiteSnake is a new infostealer sold as a service in underground web forums. As such, attackers can easily purchase the infostealer for a fee and use it to steal various types of sensitive information.

What is WhiteSnake Infostealer?

WhiteSnake is an infostealer that is capable of stealing sensitive information from popular Web browsers and apps such as Chromium-based browsers, Firefox, Edge, Steam and Telegram. It also targets various cryptocurrency wallets as well as crypto wallet browser extensions. The stolen information is then sent to the attacker’s Telegram bots. The malware is being sold on underground websites and has both Windows and Linux versions.

A report indicates that WhiteSnake was circulated as a fake PDF file; however, a WhiteSnake variant that FortiGuard Labs came across may have been disguised as a popular game for kids.

How Widespread is WhiteSnake Infostealer?

At the time of this writing, there is no indication that the malware is widely used. However, because the malware is sold at a moderate price, a high rate of adoption is expected, as it is affordable for many cybercriminals whether they are professional or not.

What is the Status of Protection?

FortiGuard Labs has the following AV signatures in place for WhiteSnake infostealer and related files:

W32/Stealer.WS!tr
MSIL/Agent.APA!tr
PossibleThreat