The authors of the Valak information stealer are focusing more and more on stealing email credentials, as researchers have found a new module built specifically for this purpose. The malware emerged in testing mode in mid-October 2019 and has a modular plugin architecture that expands its capabilities to cover the needs of the threat actor.
Valak has been developed at an accelerated rate, with more than 30 variants identified in six months. It started as a malware loader and later evolved into an information stealer focused on enterprise targets.
It can infiltrate Microsoft Exchange servers to steal data from the mail system, such as credentials and domain certificates, that would allow access as an internal domain user.
In a technical analysis published today, researchers at cybersecurity company SentinelOne provide details about a new plugin called “clientgrabber,” whose task is to steal email credentials from the registry of a compromised machine.
Source: Bleeping Computer