
Onusman_2022-10-31_update.zip

Scans for browser extensions and local files related to cryptocurrency wallets (e.g., MetaMask, Binance).

In the October 2022 variants, the malware frequently utilized Telegram Bot API or Discord Webhooks as a low-cost, encrypted channel to send stolen logs back to the attacker.

Indicators of Compromise (IOCs)

Onusman_2022-10-31_update.zip

The file is associated with a specific campaign involving the Onusman (also known as OnuSman or OnuSman-Stealer) malware. This particular update surfaced around late October 2022, primarily targeting Windows environments to exfiltrate sensitive data.

Executive Summary

Steals saved passwords, cookies, and autofill data from Chrome, Firefox, Edge, and Brave.

Collects IP addresses, hardware specs, OS versions, and screenshots of the active desktop.

3. Exfiltration and C2

Creation of keys in \Software\Onusman or similar strings.

Remediation Steps
