New Windows-Based Airstalk Malware Employs Multi-Threaded C2 Communication to Steal Logins

Source: Cyber Security News

Airstalk is a Windows malware family that comes in both PowerShell and .NET variants. Both use multi-threaded command-and-control (C2) communication and target browser data, including cookies and history. The malware abuses the AirWatch API as a covert C2 channel, which lets it exfiltrate sensitive data without raising suspicion. Researchers at Palo Alto Networks track the activity under the threat cluster CL-STA-1009 and describe it as espionage tooling that maintains persistence through covert channels.

Unlike typical information stealers, Airstalk operates inside a trusted systems-management framework, which makes detection harder. Its C2 protocol carries JSON messages, and the malware relies on code-signed binaries to avoid scrutiny. The two variants, a PowerShell variant targeting Google Chrome and a .NET variant covering Microsoft Edge, show its flexibility in credential harvesting. With periodic beaconing and parallel task management, Airstalk marks a notable step up in malware sophistication.
