CyberSecurity SEE

Evolution of Infostealer MaaS: From ObserverStealer to AsukaStealer

Researchers at Cyble have found that the Malware-as-a-Service infostealer ObserverStealer is now operating under a new identity, AsukaStealer. Introduced in 2024, this rebranded and revamped malware uses a sophisticated Malware-as-a-Service (MaaS) model and is inspired by ObserverStealer from 2023. AsukaStealer adds new capabilities and features and can collect a wide range of data from a user's system, including browser credentials, cryptocurrency wallets, and desktop screenshots.

Priced at $80 for a one-month subscription, AsukaStealer provides a web panel interface and flexible settings for ease of use. According to Cyble Research & Intelligence Labs (CRIL), the threat actor behind this new malware marketed it as offering a comprehensive suite of capabilities for covertly stealing sensitive information from unsuspecting victims. AsukaStealer is predominantly coded in C++ and comes with a web-based GUI panel for flexible configuration and control.

Upon analyzing the AsukaStealer_configuration.txt file, experts found that its contents resembled a setup script for the tool, potentially covering Discord, browsers, or gaming platforms like Steam. The latter part of the file seemed to involve file paths and patterns related to specific applications and their data storage locations. Overall, it appeared to be a script designed to locate and interact with files and directories belonging to web browsers, gaming platforms, and other applications, potentially for the purpose of data extraction.
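The behaviour described above, one process walking the data directories of several unrelated applications, is something file-read telemetry can surface. The following is an added example, not code from Cyble's report or from the malware: the event tuple format, the path substrings, the owner process names and the thresholds are all assumptions chosen for illustration.

```python
import ntpath
from collections import defaultdict

# Well-known data locations, chosen for illustration (not from the AsukaStealer config).
SENSITIVE = {
    "browser": (r"\google\chrome\user data", r"\mozilla\firefox\profiles"),
    "discord": (r"\roaming\discord\local storage",),
    "steam": (r"\steam\config",),
}
# Processes expected to read their own application's data (assumed names).
OWNERS = {"browser": {"chrome.exe", "firefox.exe"},
          "discord": {"discord.exe"}, "steam": {"steam.exe"}}

def categorize(path):
    p = path.lower()
    for cat, needles in SENSITIVE.items():
        if any(n in p for n in needles):
            return cat
    return None

def flag_sweeps(events, min_categories=2, window=60):
    """Map (pid, image) -> categories read by a non-owner process within `window` s."""
    hits = defaultdict(list)
    for ts, pid, image, target in events:
        cat = categorize(target)
        if cat and ntpath.basename(image).lower() not in OWNERS[cat]:
            hits[(pid, image)].append((ts, cat))
    alerts = {}
    for key, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            cats = {c for t, c in seen[i:] if t - start <= window}
            if len(cats) >= min_categories:
                alerts[key] = sorted(cats)
                break
    return alerts

# Constructed sample telemetry: (epoch seconds, pid, process image, file read)
CHROME = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"
DISCORD = r"C:\Users\alice\AppData\Roaming\discord\Local Storage\leveldb\000005.ldb"
STEAM = r"C:\Program Files (x86)\Steam\config\loginusers.vdf"
SAMPLE_EVENTS = [
    (100, 2200, r"C:\Program Files\Google\Chrome\Application\chrome.exe", CHROME),
    (100, 4120, r"C:\Users\alice\AppData\Local\Temp\setup_x.exe", CHROME),
    (103, 4120, r"C:\Users\alice\AppData\Local\Temp\setup_x.exe", DISCORD),
    (105, 4120, r"C:\Users\alice\AppData\Local\Temp\setup_x.exe", STEAM),
    (0, 5000, r"C:\Tools\sync.exe", CHROME),
    (900, 5000, r"C:\Tools\sync.exe", STEAM),
]
```

With the default 60-second window only the constructed `setup_x.exe` process is flagged; the browser reading its own profile and the slow two-application reader are not.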

AsukaStealer bears a striking resemblance to its predecessor, ObserverStealer, which was shut down by its operators on July 19, 2023. Detailed research revealed overlapping features, operational methodologies, and even shared infrastructure between the two malware variants. This suggests that the same threat actors are behind both campaigns and are making a concerted effort to continually refine and spread their malicious tools.

The use of anime-themed imagery, particularly references to the character Asuka Langley Soryu from Neon Genesis Evangelion, shows that the threat actors draw inspiration from Japanese anime and manga. This suggests that the threat actors behind AsukaStealer may have a specific interest in or affiliation with anime and manga culture.

In light of this report, it is important to take proper precautions to protect sensitive information from falling into the hands of cybercriminals. Users are advised to use up-to-date antivirus software and practice safe browsing habits to minimize the risk of falling victim to such malware attacks. The Cyber Express assumes no liability for the accuracy or consequences of using this information, emphasizing that the report is for reference purposes only.
