The content of the archive
In the folder it creates, the malware then stores screenshots, cookies, account credentials, and autofill data stolen from more than 20 web browsers, along with system information, a list of installed programs, Discord tokens, and Steam and Telegram sessions. The collected information is then sent to a Discord bot channel.
A chain of infection
Researchers noted that the combination of an elaborate routine for collecting confidential information and the use of X509Certificate to support authentication allows the malware to steal information quickly from systems running Java. The Discord bot channel, which acts as an event listener to receive the exfiltrated data, is also effective for the purposes of the campaign.