Beware! New WhiteSnake Malware Attack Windows & Linux Users

Beware! New WhiteSnake Malware Attack Windows & Linux Users

The Cyber Research and Intelligence Labs have recently identified a novel malware variant known as the “White Snake” Stealer, which has the potential to cause significant harm to computer systems and steal sensitive information.
This malicious stealer had been identified for the first time on the cybercrime forums. Moreover, this stealer is attainable in variants tailored for both major operating systems: –

• Windows
• Linux

Capabilities of WhiteSnake Stealer

In terms of sensitive information, it has the capability to gather a range of data, including:-

  • Passwords
  • Cookies
  • Credit card numbers
  • Debit card number
  • Taking Screenshots
  • Other personal data
  • Other financial data

Pricing of Malware

Below is a list of the prices for WhiteSnake Stealer with their respective validity:-

  • 120$ / 1 month
  • 300$/ 3 months
  • 500$ / 6 months
  • 900$ / 1 year
  • 1500$ / Lifetime

The cybercriminals have recently shared an advertisement screenshot, revealing the availability of WhiteSnake Stealer for Linux OS. Interestingly, the Linux variant offers the same range of features and capabilities as its Windows counterpart.

The binary for the Linux stealer is relatively small, with a file size of just 5KB, and it can be compiled utilizing extensions like:- 

  • .py 
  • .sh

At the beginning of the infectious rampage, a sneaky spam email, cunningly disguised as a harmless PDF document, delivers the nefarious payload in the form of an executable file.

Upon execution of the BAT file, a PowerShell script is initiated, which subsequently downloads a secondary BAT file named “build.bat” from a designated URL on the Discord platform.

A binary executable file named “build.exe” is then created from the decoded output, and it is saved to the %temp% folder as a binary executable file.

The initiation of “build.exe” results in the creation of a unique mutex dubbed “kwnmsgyyay,” which functions to limit the execution of the malware to a single instance at a time on the targeted system.

Browsers and Cryptocurrency Wallets Affected

  • Mozilla Firefox
  • Google Chrome
  • Brave-Browser
  • Chromium
  • Microsoft Edge
  • Atomic
  • Guarda
  • Coinomi
  • Bitcoin
  • Electrum
  • Exodus


There are some recommendations that have been made by CRIL’s cybersecurity experts that we have listed below:-

  • Make sure you do not download pirated software from warez or torrent websites.
  • Always use strong and unique passwords.
  • Make sure to enable multi-factor authentication.
  • Do not use any user passwords.
  • Make sure that the automatic software update feature is enabled.
  • It is recommended that you use a reputable anti-virus.
  • Make sure you do not open any links or attachments from untrusted emails.
  • It is advisable to block URLs that can be used as a means of spreading malware.
  • On a network level, make sure that the beacon is being monitored.

Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!