AuTo Stealer is an information stealer written in C++ that the Pakistan-linked threat actor SideCopy has used since December 2021. Its targets are primarily government agencies and personnel in India and Afghanistan. It is delivered with romantic lures that entice victims into downloading and running the malware.
Its core function is data theft. It harvests Microsoft Office documents, PDF files, database and text files, and images from the victim host and exfiltrates them over HTTP or TCP, which makes it a capable espionage tool. Because the transport can be plain TCP rather than HTTP, egress monitoring that relies only on web-proxy logs can miss the exfiltration; network detections should also cover raw TCP connections from unexpected processes.
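The behaviour described above (one process reading many documents of the listed types and then opening an outbound connection) can be hunted for with a simple host-log correlation. The following script is an added example written for this page, not SafeBreach's or SideCopy's code, and it is not based on any actual AuTo Stealer indicator: the pipe-delimited log format, the sample events, the process names, the file-count threshold and the time window are all constructed assumptions, so adapt the parser and thresholds to your own EDR or Sysmon export.

```python
"""Heuristic hunt for infostealer-style activity: a process that reads many
documents of the types an infostealer collects and then connects outbound.

Added example for this page (not SideCopy's or SafeBreach's code).  The log
format, sample events, threshold and window are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# File types named on the page: Office documents, PDF, database, text, images.
TARGET_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
    ".pdf", ".db", ".sqlite", ".mdb", ".txt",
    ".jpg", ".jpeg", ".png",
}

# Constructed sample log: "<ISO time>|<pid>|<image>|<event>|<detail>".
# pid 4120 reads six targeted files then connects out (should be flagged).
# pid 2200 (Word) reads one document then connects out (below threshold).
# pid 3300 (Explorer) reads many documents but never connects out.
LOG_LINES = r"""
2023-08-15T10:00:01|4120|C:\Users\u\AppData\Roaming\svc.exe|FileRead|C:\Users\u\Documents\budget.xlsx
2023-08-15T10:00:02|4120|C:\Users\u\AppData\Roaming\svc.exe|FileRead|C:\Users\u\Documents\memo.docx
2023-08-15T10:00:02|4120|C:\Users\u\AppData\Roaming\svc.exe|FileRead|C:\Users\u\Documents\tender.pdf
2023-08-15T10:00:03|4120|C:\Users\u\AppData\Roaming\svc.exe|FileRead|C:\Users\u\Pictures\id_card.jpg
2023-08-15T10:00:03|4120|C:\Users\u\AppData\Roaming\svc.exe|FileRead|C:\Users\u\Desktop\notes.txt
2023-08-15T10:00:04|4120|C:\Users\u\AppData\Roaming\svc.exe|FileRead|C:\Users\u\Documents\contacts.db
2023-08-15T10:00:09|4120|C:\Users\u\AppData\Roaming\svc.exe|NetConnect|203.0.113.10:8080/tcp
2023-08-15T10:00:05|2200|C:\Program Files\Microsoft Office\WINWORD.EXE|FileRead|C:\Users\u\Documents\memo.docx
2023-08-15T10:00:06|2200|C:\Program Files\Microsoft Office\WINWORD.EXE|NetConnect|203.0.113.50:443/tcp
2023-08-15T10:00:07|3300|C:\Windows\explorer.exe|FileRead|C:\Users\u\Documents\a.docx
2023-08-15T10:00:07|3300|C:\Windows\explorer.exe|FileRead|C:\Users\u\Documents\b.docx
2023-08-15T10:00:07|3300|C:\Windows\explorer.exe|FileRead|C:\Users\u\Documents\c.pdf
2023-08-15T10:00:08|3300|C:\Windows\explorer.exe|FileRead|C:\Users\u\Documents\d.xlsx
2023-08-15T10:00:08|3300|C:\Windows\explorer.exe|FileRead|C:\Users\u\Documents\e.txt
"""


def parse_line(line):
    """Split one constructed log line into a dict; detail may contain '|'-free paths."""
    ts, pid, image, event, detail = line.split("|", 4)
    return {
        "ts": datetime.fromisoformat(ts),
        "pid": int(pid),
        "image": image,
        "event": event,
        "detail": detail,
    }


def is_targeted(path):
    """True if the file extension is one an infostealer of this kind collects."""
    return PureWindowsPath(path).suffix.lower() in TARGET_EXTENSIONS


def find_suspects(log_text, min_files=5, window=timedelta(minutes=10)):
    """Return processes that read >= min_files distinct targeted files within
    `window` before making an outbound connection.  Events are sorted by time
    so the correlation works on unordered exports too."""
    events = sorted(
        (parse_line(l) for l in log_text.strip().splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    reads = defaultdict(list)  # pid -> [(timestamp, path), ...]
    hits = []
    for e in events:
        if e["event"] == "FileRead" and is_targeted(e["detail"]):
            reads[e["pid"]].append((e["ts"], e["detail"]))
        elif e["event"] == "NetConnect":
            recent = {p for ts, p in reads[e["pid"]] if e["ts"] - ts <= window}
            if len(recent) >= min_files:
                hits.append({
                    "pid": e["pid"],
                    "image": e["image"],
                    "files": sorted(recent),
                    "dest": e["detail"],
                })
    return hits


if __name__ == "__main__":
    for hit in find_suspects(LOG_LINES):
        print(f"pid {hit['pid']} ({hit['image']}) read {len(hit['files'])} "
              f"documents then connected to {hit['dest']}")
```

The heuristic deliberately keys on a raw outbound connection rather than on HTTP, since the page notes the transport may be either. In production, tune `min_files` and `window` to the host's baseline and exclude known bulk readers (backup agents, search indexers) by image path, otherwise they will dominate the results.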
SafeBreach tracks AuTo Stealer and SideCopy and publishes coverage of the malware's behaviour and the actor's tactics, which defenders can use to build and validate detections for this threat.
Description last updated: 2023-08-16T05:05:39.150Z