Unveiling Sharp Stealer: A New Threat to Gamers
Foresiet's threat intelligence team has identified a new info-stealer, named Sharp Stealer, deployed against gamers. Written in C#, the malware pilfers system information and saved data from the Google Chrome, Yandex, Brave, Edge, Comodo, and UR browsers. It also collects the victim's geolocation and user information from Vime World, a Minecraft game server.
What is Sharpil RAT?
Sharpil RAT is a remote access Trojan (RAT): malware that gives unauthorized users remote control over a victim's computer. Once it has infiltrated a system, a RAT lets the attacker carry out further malicious actions, such as stealing sensitive data, installing additional malware, and taking screenshots.
Background
Sharpil RAT is a form of malware that poses a significant threat to computer systems and networks. This section explores the nature of Sharpil RAT, its functionality, its distribution methods, and its potential impact on affected systems. Understanding how it works makes it possible to develop effective strategies for detection, prevention, and mitigation.
VirusTotal analysis (screenshot)
Understanding Sharp Stealer
The sample is neither encrypted nor obfuscated, so information about the threat actor could be recovered directly from its embedded configuration data, including the Telegram bot API token used for exfiltration. The bot referenced in the sample leads to a user who identifies themselves as both the developer of the stealer and an administrator of the Telegram channel "STEALER | SHARP PROJECT | PRIVATE SOFTWARE".
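The script below is added here as an illustration of that first analysis step; it is not part of Foresiet's analysis and not the stealer's own code. It pulls a hardcoded Telegram bot token out of an unobfuscated .NET sample by matching the token format in both ASCII and UTF-16LE (the encoding .NET uses for string literals in the #US heap, which a plain `strings` run misses), and derives the Bot API URLs an analyst would pivot to. The sample bytes and the token are constructed for the example; the token merely has the right shape and is not real.

```python
import re
from typing import Dict, List

# Telegram bot tokens have the form "<numeric bot id>:<35-character secret>".
# Both patterns match that shape only; neither is a real token.
TOKEN_ASCII = re.compile(rb"(?<![0-9A-Za-z_-])[0-9]{8,10}:[A-Za-z0-9_-]{35}(?![A-Za-z0-9_-])")
# .NET string literals are stored UTF-16LE (each ASCII char followed by a NUL),
# which an ASCII-only `strings` pass misses, so match that encoding as well.
TOKEN_UTF16 = re.compile(
    rb"(?<![0-9]\x00)(?:[0-9]\x00){8,10}:\x00(?:[A-Za-z0-9_-]\x00){35}(?![A-Za-z0-9_-]\x00)"
)


def extract_telegram_tokens(blob: bytes) -> List[str]:
    """Return every distinct bot token found in the blob, in either encoding."""
    tokens = set()
    for m in TOKEN_ASCII.finditer(blob):
        tokens.add(m.group(0).decode("ascii"))
    for m in TOKEN_UTF16.finditer(blob):
        tokens.add(m.group(0).decode("utf-16-le"))
    return sorted(tokens)


def bot_id(token: str) -> int:
    """The numeric prefix is the bot's Telegram user id: a stable pivot across samples."""
    return int(token.split(":", 1)[0])


def bot_endpoints(token: str) -> Dict[str, str]:
    """Bot API URLs an analyst queries (getMe identifies the bot, getUpdates shows
    pending traffic) or that a stealer hits (sendDocument for the archive)."""
    base = f"https://api.telegram.org/bot{token}"
    return {name: f"{base}/{name}" for name in ("getMe", "getUpdates", "sendDocument")}


# Constructed stand-in for a sample: a fake PE header, the token as a UTF-16LE
# literal (as a .NET #US heap entry would hold it) and again as an ASCII config line.
FAKE_TOKEN = "1234567890:AAHkX8LmQ2pZ9vR4tY6uI0oP1aS3dF5gH7j"
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + "https://api.telegram.org/bot".encode("utf-16-le")
    + FAKE_TOKEN.encode("utf-16-le") + b"\x00\x00"
    + b"\xde\xad\xbe\xef"
    + b"token=" + FAKE_TOKEN.encode("ascii") + b"\n"
)

if __name__ == "__main__":
    for t in extract_telegram_tokens(SAMPLE):
        print(f"bot id {bot_id(t)}: {bot_endpoints(t)['getMe']}")
```

Calling getMe with a recovered token returns the bot's username and is the usual first pivot toward the operator; do it from an analysis network rather than a corporate egress, because the same token also lets anyone read or clear the bot's pending updates and the request itself can tip off the actor.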
The Threat Actor
The threat actor, a Russian speaker, sells Sharp Stealer for $10 (rent) and $30 (to buy "forever"). They claim that it is a lightweight .NET application that requires no host and transmits data directly to a chat with a Telegram bot. The Telegram channel was created on April 3, 2024, and since then, only two messages with small updates have been posted.
Threat actor Telegram group (screenshot)
Distribution relies on a file drop: a malicious DLL is placed on the system and executed to run unauthorized code. The DLL may look harmless, but once it runs the stealer harvests saved login details and other sensitive data, a severe threat to user privacy and online safety. Players should stay vigilant, keep their security software updated, and avoid suspicious downloads.
The stolen data is saved in separate files, archived together, and sent to a Telegram bot. As proof that the malware works, the threat actor posted a screenshot from the Telegram bot. Judging by the kinds of data exfiltrated, a wide range of applications commonly used by gamers is targeted; that is not unheard of, but it is uncommon enough to be notable. Because Discord is widely used in both the gaming and streaming scenes, and Sharp Stealer also targets various gaming platforms and messengers, the target demographic is not hard to infer.
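A detection for this exfiltration channel, added here as an example and not drawn from the original post: it runs over constructed proxy-style log lines (JSON; the hostnames, process names and the token are made up) and flags Bot API upload calls from processes that have no business talking to api.telegram.org. The official Telegram Desktop client speaks MTProto to Telegram's own servers rather than the HTTPS Bot API, so a sendDocument from anything other than a known bot-running tool is worth an alert.

```python
import json
import re
from typing import Dict, FrozenSet, List

# Bot API paths look like /bot<bot id>:<secret>/<method>. Capture the bot id (an
# attribution pivot) and the method; the full token never goes into the alert.
BOT_PATH_RE = re.compile(r"^/bot([0-9]{8,10}):[A-Za-z0-9_-]{35}/([A-Za-z]+)")
# Methods that carry data off the host; a stealer's archive travels via sendDocument.
UPLOAD_METHODS = frozenset({"sendDocument", "sendMessage", "sendPhoto"})

# Constructed proxy/EDR-style log lines (hosts, processes and token are invented).
LOG_LINES = [
    '{"src":"PC-GAMER01","process":"discord.exe","method":"GET","host":"discord.com",'
    '"path":"/api/v9/users/@me","bytes_out":412}',
    '{"src":"PC-GAMER01","process":"launcher.exe","method":"POST","host":"api.telegram.org",'
    '"path":"/bot1234567890:AAHkX8LmQ2pZ9vR4tY6uI0oP1aS3dF5gH7j/sendDocument","bytes_out":187342}',
    '{"src":"PC-GAMER01","process":"launcher.exe","method":"GET","host":"api.telegram.org",'
    '"path":"/bot1234567890:AAHkX8LmQ2pZ9vR4tY6uI0oP1aS3dF5gH7j/getMe","bytes_out":0}',
    '{"src":"DEV-BOX","process":"python.exe","method":"POST","host":"api.telegram.org",'
    '"path":"/bot2222222222:BBHkX8LmQ2pZ9vR4tY6uI0oP1aS3dF5gH7j/sendMessage","bytes_out":211}',
]


def detect_bot_api_uploads(
    lines: List[str], allowed_processes: FrozenSet[str] = frozenset()
) -> List[Dict]:
    """Alert on Bot API upload calls from any process not explicitly allowed."""
    alerts = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("host", "").lower() != "api.telegram.org":
            continue
        m = BOT_PATH_RE.match(ev.get("path", ""))
        if m is None:
            continue
        bot, method = m.group(1), m.group(2)
        if method not in UPLOAD_METHODS:
            continue  # getMe/getUpdates are recon rather than exfil; keep for hunting
        if ev.get("process", "").lower() in allowed_processes:
            continue
        alerts.append({
            "src": ev.get("src"),
            "process": ev.get("process"),
            "bot_id": bot,          # pivot across samples; the secret is deliberately dropped
            "method": method,
            "bytes_out": ev.get("bytes_out", 0),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_bot_api_uploads(LOG_LINES, frozenset({"python.exe"})):
        print(alert)
```

The request path is only visible with TLS inspection or from an endpoint agent that logs the URL; without either, fall back to matching the host (or TLS SNI) plus the process name. Recording only the bot id keeps the SIEM from becoming another place the token leaks.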
Impacts and Solutions
The emergence of Sharp Stealer underscores the ongoing need for robust cybersecurity measures, particularly in the gaming community. Here are some proactive steps to mitigate the risks posed by Sharp Stealer:
- Antivirus and Antimalware Software: Ensure that all devices are equipped with reputable antivirus and antimalware software.
- Regular Software Updates: Regularly update all software and operating systems to mitigate vulnerabilities that may be exploited by malware like Sharp Stealer.
- User Awareness and Education: Educate users about the risks associated with downloading and executing files from unknown sources.
- Network Segmentation: Implement network segmentation to minimize the impact of an attack and prevent lateral movement within the network.
- Behavioral Analysis: Use behavioral analysis to detect and block suspicious activity, such as a game launcher or other unexpected process uploading an archive to the Telegram Bot API (api.telegram.org), the exfiltration channel Sharp Stealer uses.
Conclusion
Sharp Stealer represents a significant threat to gamers, designed to steal sensitive data and compromise computer systems. By remaining vigilant and implementing robust cybersecurity measures, individuals and organizations can reduce the risk of falling victim to such malicious software. The battle against cyber threats is ongoing, and it requires a proactive, collaborative effort from all stakeholders to stay ahead of the curve. Stay informed, stay secure.
About Foresiet!
Foresiet is the pioneering force in digital security solutions, offering the first integrated Digital Risk Protection SaaS platform. With 24x7x365 dark web monitoring and proactive threat intelligence, Foresiet safeguards against data breaches and intellectual property theft. Our robust suite includes brand protection, takedown services, and supply chain assessment, enhancing your organization's defense mechanisms. Attack surface management is a key component of our approach, ensuring comprehensive protection across all vulnerable points. Compliance is assured through adherence to ISO27001, NIST, GDPR, PCI, SOX, HIPAA, SAMA, CITC, and Third Party regulations. Additionally, our advanced antiphishing shield provides unparalleled protection against malicious emails. Trust Foresiet to empower your organization to navigate the digital landscape securely and confidently.
Protect your brand, reputation, data, and systems with Foresiet's Integrated Digital Risk Platform. 24/7/365 threat monitoring for total peace of mind.
Dec. 11, 2024, 6:29 p.m.
Nov. 29, 2024, 5:43 p.m.