'Chaes' Infostealer Code Contains Hidden Threat Hunter Love Notes

Appearing flattered by the dogged analysis of Chaes malware over the years, the infostealer’s developer dropped secret messages in the latest version of the code praising threat hunter efforts and thanking them for the interest.

Analysis of infostealer Chaes 4.1 in debug mode reveals a number of intricate ASCII art pieces hidden within the code, according to Morphisec malware researcher Arnold Osipov, who also received a special shout-out message from the malware developers, also hidden within the infostealer malware code.

“We spend several hours of our lives trying to write code that is work being analysed by such talented researchers like yourself,” the message from the Chaes developers addressed specifically to Osipov read. “We sincerely hope our efforts meet your expectations.”

The code also contains a mention that the Chaes team was discovered by Cybereason three years ago. “We are still a bae,” they wrote.

The current Chaes campaign being tracked by Osipov uses a Portuguese-language email, purportedly from an attorney about an urgent legal matter. If the user clicks the malicious link they are delivered to a spoofed website for TotalAV, asked to add their password to download a document, which then serves up the MSI installer, Morphisec’s new report explained. The latest version of the Chaes framework included some improvements, notably in the “Chronod” module, which intercepts victim browser activity, the research found.

“The threat actor has a history of expressing appreciation to security researchers for helping in the improvement of their ‘software,” the report added. “However, this is the first time such gratitude has been expressed directly within the code.”

SEO Powered Content & PR Distribution. Get Amplified Today.
PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
Source: https://www.darkreading.com/threat-intelligence/chaes-infostealer-code-threat-hunter-love-notes

Generative Data Intelligence

‘Chaes’ Infostealer Code Contains Hidden Threat Hunter Love Notes

Cleffa Hatch Day-Pokémon GO

DOJ insists Tornado Cash operated as a ‘commercial enterprise’

Latest Intelligence

Top 8 ICOs for 2024: BlockDAG Leads with Record-Breaking Presale

BDAG’s $20.7M Presale, Eclipsing Galaxy Fox Debut

Upbit Dominates South Korea’s Crypto Market, Ranking Top 5 Globally: Report

Justin Biever’s NFT Portfolio Lost Over 94% of Its Value, Gong from $2 Million to $100,000

Solana Witnessing ‘Dramatic Increase’ in Investor Allocations This Year, According to New CoinShares Survey – The Daily Hodl

CFI, Deriv, Gold-i and More: Executive Moves of the Week

Chat with us