Sunday, January 26, 2025

Yunit Stealer: A New Malware That Bypasses Windows Defender and Steals Sensitive Data


A newly identified malware called Yunit Stealer has surfaced, posing a serious threat to the security of Windows devices.

This sophisticated malware not only steals sensitive information like passwords and credit card details but also disables antivirus software, allowing it to remain undetected.

What makes Yunit Stealer particularly dangerous is its ability to add itself to Windows Defender’s exclusion list, effectively neutralizing the system’s built-in security measures.

This has the potential to cause significant damage to both personal and corporate systems.

How Yunit Stealer Works

Cybersecurity researchers from CYFIRMA recently conducted a detailed analysis of Yunit Stealer, revealing the malware’s sophisticated methods of infiltration and persistence.

The malware primarily utilises JavaScript to perform a wide range of malicious activities, including retrieving system information, executing commands, and sending HTTP requests.


Yunit Stealer can embed itself deeply into the system by modifying the Windows Registry, adding tasks through batch files and VBScript, and, more worryingly, setting exclusions in Windows Defender.

This clever manipulation allows the malware to operate in the background without raising alarms, making it difficult to detect and remove.

By disabling Windows Defender and other security measures, Yunit Stealer can secure its place on the device and continue to exfiltrate information over an extended period.
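Because the persistence technique described above relies on Defender exclusions, a defender's first check is whether any exclusions exist that nobody configured. The PowerShell below is an added example for this article, not code from CYFIRMA's report or from the malware; it assumes a Windows 10/11 host with the built-in Defender module and an elevated session.

```powershell
# Added defender-side audit (not from the article or the CYFIRMA report).
# Assumes Windows 10/11 with the Defender PowerShell module; run elevated.
function Get-DefenderExclusionReport {
    $pref = Get-MpPreference
    $report = [ordered]@{
        Paths      = @($pref.ExclusionPath)
        Processes  = @($pref.ExclusionProcess)
        Extensions = @($pref.ExclusionExtension)
    }

    # The same exclusions are stored as value names under this registry key.
    # Entries here that are missing from Get-MpPreference (or vice versa),
    # or any entry no administrator recognises, deserve a closer look.
    $regBase = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions'
    foreach ($sub in 'Paths', 'Processes', 'Extensions') {
        $key = Join-Path $regBase $sub
        if (Test-Path $key) {
            $report["Registry$sub"] = @((Get-Item $key).Property)
        }
    }

    # Event ID 5007 in the Defender operational log records configuration
    # changes, including exclusions being added. Look back seven days and
    # keep only the entries that mention the Exclusions key.
    $report.RecentExclusionChanges = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5007
        StartTime = (Get-Date).AddDays(-7)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Exclusions' } |
        Select-Object TimeCreated, Message

    [pscustomobject]$report
}

Get-DefenderExclusionReport | Format-List
```

On a clean workstation all three exclusion lists are normally empty; a populated list plus a matching 5007 event with no change ticket behind it is the pattern to escalate.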

Targeting Sensitive Data

Yunit Stealer’s primary objective is to collect as much sensitive information as possible. Like many other infostealers, it focuses on gathering data stored in web browsers, including:

  • Passwords
  • Cookies
  • Autofill information
  • Credit card details
  • Cryptocurrency wallet data

Once it has harvested this information, the malware sends the data to its operators through various channels.

CYFIRMA’s research shows that Yunit Stealer prefers encrypted communication methods such as Discord webhooks and Telegram channels, ensuring the data is transferred securely and discreetly.


The information can also be uploaded to a remote server, where the cybercriminals can access it via a download link.

The link may even include screenshots taken from the infected device, offering further insights to the attackers.

This level of precision enables Yunit Stealer to exfiltrate data without drawing attention, making it a particularly challenging threat for cybersecurity teams.

Threat Actors and Evasion Techniques

The origins of Yunit Stealer are still under investigation, but it seems to be relatively new on the malware landscape.

CYFIRMA reported that a Telegram channel associated with the malware was created on August 31, 2024, and currently has only 12 subscribers.

The Discord account linked to Yunit Stealer is currently inactive, but the threat actors are likely using encrypted channels to maintain anonymity and evade detection.


What sets Yunit Stealer apart from many other malware types is its focus on persistence and stealth.

By disabling security tools and hiding in plain sight, Yunit Stealer could remain on an infected device for an extended period, continuing to steal valuable data.

Staying Safe from Yunit Stealer

To safeguard against Yunit Stealer, users are advised to take proactive measures:

  1. Keep your systems updated: Regularly updating your operating system and software can protect against known vulnerabilities that Yunit Stealer might exploit.
  2. Use reliable antivirus software: Even though Yunit Stealer can disable some antivirus programs, using a reputable and regularly updated security solution adds an additional layer of protection.
  3. Avoid suspicious links and downloads: Phishing attacks are often the entry point for malware infections. Be cautious when opening email attachments or clicking on unfamiliar links.
  4. Monitor your accounts: Regularly check for unusual activity in your online accounts, especially those storing sensitive data like passwords and credit card details.
Emily Parker