Taurus: The new data stealer that avoids sandbox detection
July 2020 by Zscaler
Zscaler's ThreatLabz team has observed a new malware campaign that uses a stealer named Taurus, which the team has been tracking since early June. The "Predator the Thief" cybercriminal group is behind the development of this stealer and is selling it on dark forums for $100, or rebuilt with a new domain for $20.
The group claims that this stealer is capable of stealing passwords, cookies, and autofill forms, along with the history of Chromium- and Gecko-based browsers. Taurus can also steal some popular cryptocurrency wallets and the credentials of commonly used FTP clients and email clients. It also collects information such as installed software and system configuration, and sends that information back to the attacker. The Zscaler ThreatLabz team discovered that attackers initiated this campaign by sending the victim a spam email containing a malicious attachment.