Specialists at CYFIRMA have uncovered a new data-stealing malware named “Bizfum Stealer,” which is being openly distributed via the GitHub platform. This sophisticated tool collects browser credentials, files, and Discord tokens, and exfiltrates them to attackers via Telegram, encrypting the data beforehand using the RSA algorithm.
Upon activation in an infected system, Bizfum Stealer extracts login credentials, passwords, cookies, browsing history, and clipboard content. Its targets include popular browsers such as Chrome, Firefox, Edge, Opera, Brave, and Yandex. The malware also captures screenshots of the victim’s screen, saving them for later use by attackers.
Developed in the C programming language, Bizfum Stealer interacts efficiently with Windows operating system components and circumvents traditional security measures. To obscure its activities, it employs data compression and encryption, subsequently transmitting stolen information through anonymous servers and a Telegram bot.
The malware also aims to steal files with widely-used extensions like “.jpg,” “.pdf,” “.txt,” and “.docx,” storing them in a hidden directory. Discord tokens are extracted from the application’s local storage, granting attackers unauthorized access to user accounts.
Bizfum Stealer utilizes platforms such as GoFile to upload stolen data, generating download links for subsequent retrieval. This tactic minimizes direct interaction with attacker-controlled servers, making it harder to trace their activities.
Experts have noted that the GitHub project is presented as “educational and open-source,” which significantly heightens the risk of malicious use. Open accessibility enables anyone to modify the code and adapt it for their own attacks.
CYFIRMA researchers emphasize that Bizfum Stealer poses a serious security threat due to its ability to remain undetected by conventional antivirus solutions. Its capabilities include erasing traces of its activity and automatically clearing temporary files, complicating incident investigations.
To mitigate such threats, experts recommend strengthening the monitoring of anomalous activity, employing modern detection and response systems, and regularly updating software. Additionally, training employees to recognize phishing attempts and threats from open-source platforms is critical.
Bizfum Stealer serves as a stark reminder of the growing dangers posed by open-source platforms like GitHub, where malicious code can be disseminated under the guise of educational material. This underscores the need for heightened vigilance among cybersecurity professionals.
Developing robust defense strategies—such as monitoring indicators of compromise and restricting external connections—can help minimize the risk of data breaches and other attack consequences.
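The report's two concrete exfiltration channels (a Telegram bot and GoFile upload links) give defenders something to monitor for, in line with the recommendations above on anomalous-activity monitoring and restricting external connections. The following is an added example written for this page, not CYFIRMA's code or anything from the Bizfum repository. It scans constructed network-connection events (shaped like a flattened Sysmon Event ID 3 record) and flags non-browser processes reaching the Telegram bot API or GoFile hosts; the hostnames, the log format, and the baseline process list are assumptions to be tuned per environment, not indicators taken from the report.

```python
"""Flag likely Telegram/GoFile exfiltration from processes that have no business using them.

Added example for this article; not the report's or the malware author's code.
Hostnames, log format, baseline process list and sample events are all assumed/constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Assumed endpoints for the two channels named in the report (not IoCs from the report itself).
SERVICE_PATTERNS = [
    ("telegram", re.compile(r"(^|\.)api\.telegram\.org$")),
    ("gofile", re.compile(r"(^|\.)gofile\.io$")),
]

# Processes expected to reach these services legitimately: an assumed per-environment baseline.
BASELINE_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe", "opera.exe",
                      "brave.exe", "browser.exe", "telegram.exe"}

# Constructed line format: "<timestamp> host=<endpoint> image=<process path> dst=<host>:<port>"
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) image=(?P<image>.+?) dst=(?P<dst>[^:\s]+):(?P<port>\d+)$"
)


@dataclass(frozen=True)
class NetEvent:
    timestamp: str
    host: str        # endpoint that produced the event
    process: str     # image file name, lower-cased
    dest_host: str
    dest_port: int
    service: Optional[str]  # "telegram", "gofile" or None when the destination is not of interest


def classify_destination(dest_host: str) -> Optional[str]:
    """Return the service name when dest_host belongs to one of the watched services."""
    host = dest_host.lower().rstrip(".")
    for name, pattern in SERVICE_PATTERNS:
        if pattern.search(host):
            return name
    return None


def parse_event(line: str) -> Optional[NetEvent]:
    """Parse one constructed event line; returns None for lines that do not match the format."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    # Normalise Windows or POSIX paths down to the bare image name.
    process = m["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
    dest = m["dst"].lower()
    return NetEvent(m["ts"], m["host"].lower(), process, dest, int(m["port"]),
                    classify_destination(dest))


def find_exfil_candidates(lines) -> List[NetEvent]:
    """Events where a non-baseline process contacts a watched service."""
    return [ev for ev in map(parse_event, lines)
            if ev is not None and ev.service is not None and ev.process not in BASELINE_PROCESSES]


def summarize(alerts) -> Dict[Tuple[str, str], Set[str]]:
    """Group alerts by (endpoint, process) and collect which services each pair touched."""
    summary: Dict[Tuple[str, str], Set[str]] = {}
    for ev in alerts:
        summary.setdefault((ev.host, ev.process), set()).add(ev.service)
    return summary


def high_confidence(summary) -> List[Tuple[str, str]]:
    """One process using both channels matches the reported pattern more closely than either alone."""
    return [key for key, services in summary.items() if {"telegram", "gofile"} <= services]


# Constructed sample events: one benign browser connection, one unrelated update check,
# and a Temp-directory binary touching both watched services.
SAMPLE_LOG = r"""
2025-01-10T09:12:01Z host=WS-042 image=C:\Program Files\Google\Chrome\Application\chrome.exe dst=api.telegram.org:443
2025-01-10T09:12:07Z host=WS-042 image=C:\Users\alice\AppData\Local\Temp\update.exe dst=api.telegram.org:443
2025-01-10T09:12:09Z host=WS-042 image=C:\Users\alice\AppData\Local\Temp\update.exe dst=store1.gofile.io:443
2025-01-10T09:13:44Z host=WS-017 image=C:\Windows\System32\svchost.exe dst=update.microsoft.com:443
2025-01-10T09:14:02Z host=WS-042 image=C:\Users\alice\AppData\Local\Temp\update.exe dst=api.gofile.io:443
""".strip().splitlines()


if __name__ == "__main__":
    found = find_exfil_candidates(SAMPLE_LOG)
    for ev in found:
        print(f"{ev.timestamp} {ev.host} {ev.process} -> {ev.dest_host} ({ev.service})")
    for host, process in high_confidence(summarize(found)):
        print(f"HIGH: {process} on {host} used both Telegram and GoFile")
```

The baseline set is the knob that matters: an allow-list of browsers keeps ordinary web use of these services quiet, while anything launched from a user-writable location that talks to a bot API or a file-hosting service stands out, and the same process touching both channels in quick succession is worth an immediate look.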