Rewterz

Rewterz Threat Alert – Oski Data Stealer Malware – Active IOCs

Severity

High

Analysis Summary

The Oski stealer is a form of malicious software first discovered in November 2019. This successful data-harvesting tool has spread across North America and China, gathering account passwords, credit card information, and other sensitive data, and it remains one of the most common malware families employed in cyber-attacks. The malware is typically spread through phishing emails, infected software downloads, and the exploitation of vulnerabilities in outdated software. Once installed, Oski Data Stealer can gather information in various ways, including keylogging, screenshot capturing, data theft, and downloading additional malware.

To prevent infection, it is important to follow best practices for computer security, such as keeping all software up to date, being cautious when opening emails and attachments from unknown sources, regularly backing up important data, and installing and using reputable anti-virus software.

Impact

  • Credential Theft
  • Unauthorized Access
  • Information Theft

Indicators of Compromise

MD5

  • ddee3051b544961caf086b496a1335eb
  • 28682416fd765969c4d42c76d8f59d69
  • 757f9b45ee33980b07406aef416bf25c

SHA-256

  • 2082e713282ab51284141b3dbd96f27bd7c27dec371c800f678916a1719bbb83
  • dfe5049756f130f2559746da26d1a7dce785b0099a715b55d3cc6f31361c96c0
  • f4d42993edb8d76c99b92ae963656adde31f57336032bd351163ae2322475eca

SHA-1

  • 94a0b05c3599648dfc7f4a0f89ce7fa0f923fd26
  • 723de57b27d0b285ea5003907eb2c44159ecef31
  • f950bd2804f25122dbd49e1c515567e5d151a134

Remediation

  • Block all threat indicators at your respective controls.
  • Search for indicators of compromise (IOCs) in your environment using your respective security controls.
  • Emails from unknown senders should always be treated with caution.
  • Never trust or open links and attachments received from unknown sources/senders.
  • Maintain daily backups of all computer networks and servers.
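A small defender-side helper, added here as an example (it is not Rewterz's tooling), that hashes files under a directory and reports any whose MD5, SHA-1 or SHA-256 matches the indicators listed above. The directory path and the in-memory sample used for checking are assumptions; the hash values are the ones from this alert.

```python
import hashlib
from pathlib import Path

# Indicators listed in this alert, keyed by algorithm (lower-case hex).
OSKI_IOCS = {
    "md5": {
        "ddee3051b544961caf086b496a1335eb",
        "28682416fd765969c4d42c76d8f59d69",
        "757f9b45ee33980b07406aef416bf25c",
    },
    "sha1": {
        "94a0b05c3599648dfc7f4a0f89ce7fa0f923fd26",
        "723de57b27d0b285ea5003907eb2c44159ecef31",
        "f950bd2804f25122dbd49e1c515567e5d151a134",
    },
    "sha256": {
        "2082e713282ab51284141b3dbd96f27bd7c27dec371c800f678916a1719bbb83",
        "dfe5049756f130f2559746da26d1a7dce785b0099a715b55d3cc6f31361c96c0",
        "f4d42993edb8d76c99b92ae963656adde31f57336032bd351163ae2322475eca",
    },
}

def hash_bytes(data):
    """Return the MD5, SHA-1 and SHA-256 hex digests of an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in OSKI_IOCS}

def hash_file(path, chunk_size=1 << 20):
    """Hash a file with all three algorithms in a single streaming pass."""
    hashers = {algo: hashlib.new(algo) for algo in OSKI_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def match_iocs(digests, iocs=OSKI_IOCS):
    """Return (algorithm, digest) pairs whose digest appears in the IOC set."""
    return [(algo, d.lower()) for algo, d in digests.items()
            if d.lower() in iocs.get(algo, set())]

def scan_directory(root, iocs=OSKI_IOCS):
    """Walk a directory tree and report every file that matches an indicator."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            for algo, digest in match_iocs(hash_file(path), iocs):
                hits.append((str(path), algo, digest))
    return hits

if __name__ == "__main__":
    import sys  # usage: python scan.py /path/to/scan (directory is an assumption)
    for path, algo, digest in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {algo} {digest} {path}")
```

A hash match is a strong but not exhaustive signal: a repacked or recompiled sample will carry different hashes, so treat a clean scan as absence of these specific files, not absence of the malware.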