Anivia Stealer: The New Malware Threat Bypassing Windows Security
A new information-stealing malware, known as Anivia Stealer, has surfaced on underground forums, posing a significant threat to Windows users. Marketed by a threat actor identified as ZeroTrace, it is engineered to infiltrate Windows systems from the long-unsupported Windows XP through the latest Windows 11 releases.
Technical Composition and Capabilities
Developed using C++17, Anivia Stealer is equipped with advanced evasion techniques and extensive data exfiltration capabilities. Its design allows it to operate stealthily, making detection and mitigation challenging for both individual users and enterprise networks.
User Account Control (UAC) Bypass Mechanism
A standout feature of Anivia Stealer is its ability to circumvent Windows' User Account Control (UAC). By employing automatic elevation techniques, the malware can execute privileged operations without triggering the consent prompts that would normally alert the user. This allows it to reach protected system areas, registry hives containing cached credentials, and memory regions holding authentication secrets, all of which would ordinarily require administrative approval.
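Auto-elevation abuse only works on hosts where UAC permits silent elevation for an account that holds a split administrator token. The following PowerShell audit is an added example, not code from the article, from KrakenLabs, or from the malware; it reads the documented UAC policy values and flags the settings that leave room for silent elevation. The thresholds it reports against are this example's own recommendations.

```powershell
# Added example: audit the UAC policy values that decide whether an auto-elevation
# bypass has anything to abuse on this host. Run as the account whose exposure you
# want to assess.
function Test-UacHardening {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    $findings = @()

    # EnableLUA = 0 switches UAC off; every process of an admin user is already elevated.
    if ($p.EnableLUA -ne 1) { $findings += 'EnableLUA is not 1: UAC is disabled.' }

    # ConsentPromptBehaviorAdmin: 0 = elevate silently, 5 = default (Windows-signed
    # auto-elevating binaries run elevated without a prompt, the behaviour bypasses rely
    # on), 2 = Always notify (even auto-elevating Windows binaries prompt).
    if ($p.ConsentPromptBehaviorAdmin -ne 2) {
        $findings += "ConsentPromptBehaviorAdmin is $($p.ConsentPromptBehaviorAdmin); set it to 2 (Always notify)."
    }

    # A prompt shown on the normal desktop can be driven by other processes running there.
    if ($p.PromptOnSecureDesktop -ne 1) { $findings += 'PromptOnSecureDesktop is not 1.' }

    # Auto-elevation only exists for accounts with a split (filtered admin) token; a user
    # outside the local Administrators group has no elevated token to bypass into.
    # Assumption: direct membership is enough here; nested domain groups are not expanded.
    $sid = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $admins = (Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue).SID.Value
    if ($admins -contains $sid) {
        $findings += 'Current user is a direct member of Administrators; use a standard account for daily work.'
    }

    if ($findings.Count -eq 0) { return 'UAC configuration is hardened against silent auto-elevation.' }
    return $findings
}

Test-UacHardening
```

Setting the consent level to 2 and working from a standard account removes the silent-elevation path described above; it does not stop the credential theft that the stealer performs at user level, which still needs endpoint monitoring.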
Distribution and Pricing
Security researchers from KrakenLabs have observed ZeroTrace promoting Anivia Stealer across various cybercriminal marketplaces. The malware is offered on a subscription basis, with pricing tiers ranging from €120 for a one-month license to €680 for lifetime access. This pricing model makes the malware accessible to a wide range of threat actors, increasing its potential for widespread deployment.
Data Targeted by Anivia Stealer
Anivia Stealer is designed to harvest a broad spectrum of sensitive information from infected systems, including:
– Browser credentials
– Authentication cookies
– Cryptocurrency wallet data
– Messaging platform tokens
– Local Security Authority (LSA) credentials
– System screenshots
The malware maintains encrypted communication channels with its command-and-control infrastructure and features automatic update capabilities to evade detection signatures.
Potential Links to Previous Malware
Threat intelligence suggests that Anivia Stealer may be a rebranded or forked version of the previously identified ZeroTrace Stealer. GitHub commit histories and developer metadata indicate connections between both projects, pointing to the same malicious actor responsible for distributing Raven Stealer.
Implications for Cybersecurity
The emergence of Anivia Stealer underscores the evolving tactics of cybercriminals and the continuous development of sophisticated malware. Its ability to bypass UAC controls and target a wide range of sensitive data makes it a formidable threat. Users and organizations are advised to implement robust security measures, including regular system updates, the use of reputable security software, and heightened awareness of phishing tactics that may be used to distribute such malware.