When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
The process is done by copying the Web Data of all targeted browsers, they explained.
Web Data is a SQLite database storing sensitive data such as autofill information and saved payment methods.
Image Credit: Shutterstock
Furthermore, Python NodeStealer now uses Windows Restart Manager to unlock database files.
First, the infostealer extracts the information by copying web app database files into a temp folder.
Finally, the files are exfiltrated via a Telegram bot.
Python NodeStealer is most likely being developed by a threat actor located in Vietnam.
ViaThe Hacker News
