
Shuyal Malware Targets 19 Browsers with Advanced Data Theft and Evasion Capabilities

 

A newly discovered infostealing malware named “Shuyal” has entered the cyber threat landscape, posing a serious risk to users by targeting a wide range of web browsers and deploying sophisticated evasion methods. Identified by researchers at Hybrid Analysis, Shuyal is capable of stealing credentials and sensitive information from 19 different browsers, including lesser-known privacy-focused options like Tor and Brave. 

The malware is named after identifiers found in its code path and represents a new generation of data stealers with expanded surveillance capabilities. Unlike traditional malware that only focuses on login credentials, Shuyal goes deeper—harvesting system-level information, capturing screenshots, monitoring clipboard activity, and sending all of it to cybercriminals using a Telegram bot-controlled infrastructure. 

In his analysis, Vlad Pasca from Hybrid Analysis highlighted that Shuyal performs extensive system reconnaissance. Once it infects a device, it disables the Windows Task Manager to prevent users from detecting or ending the malware’s process. It also hides its tracks by removing evidence of its activities through self-deleting mechanisms, including batch scripts that erase runtime files once the data has been exfiltrated. 

Among the browsers targeted by Shuyal are mainstream options such as Chrome and Edge, but it also compromises more obscure browsers like Waterfox, OperaGx, Comodo, Falko, and others often marketed as safer alternatives. This wide reach makes it particularly concerning for users who believe they are using secure platforms. 

Shuyal collects technical details about the system, including hard drive specifications, connected input devices like keyboards and mice, and display configurations. It compresses all collected data using PowerShell into a temporary folder before transmitting it to the attackers. This organized method of data collection and transfer demonstrates the malware’s highly stealthy design. 

The malware also ensures it remains active on compromised machines by copying itself into the Startup folder, allowing it to launch each time the system is rebooted. 
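The behaviours described above (Task Manager disabled, a copy in the Startup folder, PowerShell archiving into a temp folder, Telegram bot traffic) are individually noisy but distinctive in combination. The following is an added example, not code from the original post or from Hybrid Analysis, that correlates them per host. The event layout, host names and file names are constructed, and the `DisableTaskMgr` policy value and `api.telegram.org` host are assumptions about mechanism, since the article does not say how Shuyal implements these steps.

```python
import re
from collections import defaultdict

# Constructed sample events; the field layout (host, type, image, detail) is hypothetical.
_TMP = r"C:\Users\a\AppData\Local\Temp"
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [dict(zip(("host", "type", "image", "detail"), row)) for row in [
    ("ws-01", "registry_set", _TMP + r"\upd.exe",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1"),
    ("ws-01", "file_create", _TMP + r"\upd.exe",
     r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"),
    ("ws-01", "process", _PS,
     "Compress-Archive -Path " + _TMP + r"\rt\* -DestinationPath " + _TMP + r"\rt.zip"),
    ("ws-01", "network", _TMP + r"\upd.exe", "api.telegram.org"),
    # Benign look-alikes on a second host: an admin archive job and a browser session.
    ("ws-02", "process", _PS,
     r"Compress-Archive C:\Logs -DestinationPath C:\Windows\Temp\logs.zip"),
    ("ws-02", "network", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "api.telegram.org"),
]]

# Behaviour name -> (event type, case-insensitive pattern over the detail field).
# The matched strings are assumptions for this example, not published indicators.
RULES = {
    "taskmgr_disabled": ("registry_set", r"\\policies\\system\\disabletaskmgr=1$"),
    "startup_copy": ("file_create", r"\\start menu\\programs\\startup\\[^\\]+\.exe$"),
    "powershell_archive": ("process", r"compress-archive.*\\temp\\"),
    "telegram_egress": ("network", r"^api\.telegram\.org$"),
}
KNOWN_CLIENTS = re.compile(r"\\(telegram|chrome|msedge|firefox)\.exe$", re.I)

def matches(event, name):
    """True if a single event exhibits the named behaviour."""
    etype, pattern = RULES[name]
    if event["type"] != etype or not re.search(pattern, event["detail"], re.I):
        return False
    # Browsers and the Telegram client reach this host legitimately.
    return not (name == "telegram_egress" and KNOWN_CLIENTS.search(event["image"]))

def triage(events, threshold=3):
    """Return {host: behaviours} for hosts showing >= threshold distinct behaviours."""
    seen = defaultdict(set)
    for e in events:
        for name in RULES:
            if matches(e, name):
                seen[e["host"]].add(name)
    return {h: sorted(b) for h, b in seen.items() if len(b) >= threshold}
```

Requiring several distinct behaviours on one host keeps routine admin archiving or ordinary Telegram use from alerting on its own.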

Although researchers have not yet pinpointed the exact methods attackers use to distribute Shuyal, common delivery vectors for similar malware include phishing emails, malicious social media posts, and deceptive captcha pages. Experts caution that infostealers like Shuyal often serve as precursors to more serious threats, including ransomware attacks and business email compromises. 

Hybrid Analysis encourages cybersecurity professionals to study the published indicators of compromise (IOCs) associated with Shuyal to strengthen their defense strategies. As cyber threats evolve, early detection and proactive protection remain essential.

Is Wave Browser Safe?


With rare exceptions, everyone has a browser installed on their computer and smartphone to surf the web, work, communicate with others and more.

However, there are significant differences between browsers. Some prioritize speed and convenience, some prioritize privacy, and others focus on specialized tasks. And then there are browsers that are potentially harmful, such as the Wave browser.

Is Wave Browser Safe? 

On its official website, Wave browser portrays itself as an alternative to mainstream software that guarantees "anonymity of your data," and offers a personalized experience to users. "Not only do we not pass your data onto third parties, we don't even store it ourselves," the website states.

Wave browser is available on Windows, macOS, Android, and iOS. It can be installed via Google Play and the App Store, indicating that it meets those marketplaces' requirements for functionality and security.

The Wave browser is classified as a Potentially Unwanted Program (PUP). PUPs, as the term suggests, are not very harmful. However, certain behaviours displayed by PUPs do cause indirect or direct harm: they display unwanted ads, slow down the user's device, collect an excessive amount of data, and so on.

Wave browser is almost always installed unintentionally, bundled with other software. For instance, a user’s antivirus software may fail to detect Wave, with the result that the user downloads and installs the malicious browser. During installation, the browser may even trick the user into ticking certain boxes, which ultimately allows it to import their data and become their default browser.

A user may not even notice anything suspicious, since Wave is, in fact, a browser. Wave browser is based on Chromium, the open-source web browser project that is the foundation for Chrome, Microsoft Edge, Brave, and several other similar products. However, within a few minutes of installation, the user will realize what has happened, since their system will be bombarded with annoying ads and pop-ups. A user may also take the hint when their browser stops showing relevant search results and displays only search ads, or links leading to websites unrelated to the keyword they entered.

Since Wave does not display relevant search results and instead steers users toward paid advertising, one may encounter shady webpages that may well contain malware. While Wave itself is not malware, it may lead its victim to phishing sites or malicious programs, putting their privacy and security at risk.

This answers the question ‘Is Wave browser safe?’: no, it is not. While it is neither a virus nor malware, it certainly should not be on a user’s device. Wave browser will only serve them annoying ads, display irrelevant search results and, at worst, compromise their security.