"CopperStealer Malware Infected up to 5,000 Hosts per Day Over First Three Months of 2021"
CopperStealer is a newly documented China-based malware that has stolen user credentials on major platforms, including Facebook, Instagram, Apple, Amazon, Bing, PayPal, Tumblr, Twitter, and Google. Proofpoint researchers were first alerted about the malware sample in late January. According to Chris Morgan, the senior cyber threat intelligence analyst at Digital Shadows, CopperStealer offers its users various options for exfiltrating sensitive data and dropping additional malware. The targeting of several different social media platforms indicates that the CopperStealer malware operator likely wants to takeover targeted accounts to perform additional malicious activities. It has been confirmed that threat actors from the People's Republic of China (PRC) are linked to the creation of CopperStealer. These threat actors are known to have previously used compromised social media accounts to spread misinformation as well as influence operations in regard to PRC events. The delivery of CopperStealer relies on users' interaction with torrent sites that offer free versions of legitimate software. This article continues to discuss the discovery, creation, capabilities, delivery, impact, and mitigation of the CopperStealer malware.