
Sign up to save your podcasts
Or


Malware Spotlight: LTX Stealer
CYFIRMA researchers uncovered a sophisticated Windows info-stealer hidden in a legit Inno Setup installer.
Key takeaways:
🔹 Node.js stealer with Bytenode bytecode obfuscation
🔹 Targets Chromium browsers & crypto wallets
🔹 Persists in hidden/system folders under Program Files(x86)
🔹 Uses Supabase for operator auth + Cloudflare to mask backend
🔹 Commercial-grade Malware-as-a-Service (MaaS)
Modern attackers are using trusted installers + runtime decryption to evade detection. Stay vigilant!
Link to the Research Report: LTX Stealer : Analysis of a Node.js–Based Credential Stealer - CYFIRMA
#CyberSecurity #MalwareAnalysis #Infostealer #NodeJS #ThreatIntel #MaaS #CYFIRMA #CYFIRMAresearch #ExternalThreatLandscapeManagement #ETLM
https://www.cyfirma.com/
By CYFIRMAMalware Spotlight: LTX Stealer
CYFIRMA researchers uncovered a sophisticated Windows info-stealer hidden in a legit Inno Setup installer.
Key takeaways:
🔹 Node.js stealer with Bytenode bytecode obfuscation
🔹 Targets Chromium browsers & crypto wallets
🔹 Persists in hidden/system folders under Program Files(x86)
🔹 Uses Supabase for operator auth + Cloudflare to mask backend
🔹 Commercial-grade Malware-as-a-Service (MaaS)
Modern attackers are using trusted installers + runtime decryption to evade detection. Stay vigilant!
Link to the Research Report: LTX Stealer : Analysis of a Node.js–Based Credential Stealer - CYFIRMA
#CyberSecurity #MalwareAnalysis #Infostealer #NodeJS #ThreatIntel #MaaS #CYFIRMA #CYFIRMAresearch #ExternalThreatLandscapeManagement #ETLM
https://www.cyfirma.com/