MrAnon is an infostealer written in Python that relies on email spam as its key spreading method. Its functionality is fairly typical for a modern stealer, but it remains dangerous.
Its capabilities include file downloads from specific locations, screenshot capture, and extraction of extensive data from browsers, cryptocurrency wallets, messengers, and various applications. The stolen information is uploaded to a file-hosting site, with notifications sent to attackers via Telegram. Potential future iterations may introduce new functionalities.
MrAnon Stealer Overview
MrAnon is a Python-based infostealer – a rather common sight nowadays. It exhibits diverse data-extraction features, focusing on browsers, cryptocurrency wallets, messaging platforms, and various applications. Available for sale online, MrAnon showcases multiple variants with distinct functionalities based on payment plans. Notably, this malware has been observed spreading through email spam campaigns.
| Name | MrAnon |
| Detection | Trojan.Win32.Agent.sa, Trojan:MSIL/Malgent!MSR (see more on VirusTotal) |
| Damage | Steals personal information, cookies, passwords and other credentials |
| Similar Behavior | Umbral, Vidar, StealDeal |
Technical Analysis of MrAnon Stealer
Upon successful infiltration, MrAnon employs deceptive pop-up messages like “File Not Supported” or “Not Run: python.exe” to mislead victims into believing that the malware installation on their devices failed. This false sense of security reduces the likelihood of users taking further protective measures.
The malware begins its operations by finding and terminating specific processes linked to the targeted applications, including browsers, messengers, and cryptowallets. It also gathers data by quietly querying legitimate websites to obtain the victim’s IP address (geolocation), country name, and country code. This malware may infiltrate systems in a heavily compressed format, leveraging its small file size to evade detection.
MrAnon can download files from infected devices, scanning locations such as Desktop, Documents, Pictures, and Downloads for various file formats. The stealer can also capture screenshots and extract data from over twenty browsers, gathering a wide array of information. Browsers typically store cookies, history, credit card details, and similar data, all of which become targets for MrAnon.
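The behaviour described above (one process terminating browsers, messengers and wallets, then querying an IP/geolocation site) can be correlated in endpoint telemetry. The following detection sketch is an added example, not code from the original article or from the malware. The event format, the image-name map and the `.example` lookup hosts are constructed assumptions to be replaced with your own telemetry schema and lists.

```python
from collections import defaultdict

# Assumed map of image names to the app classes the article lists; extend per fleet.
CATEGORY = {
    "chrome.exe": "browser", "msedge.exe": "browser", "firefox.exe": "browser",
    "telegram.exe": "messenger", "discord.exe": "messenger",
    "exodus.exe": "wallet", "electrum.exe": "wallet",
}
# Placeholder hosts standing in for public IP/geolocation lookup services.
IP_LOOKUP_HOSTS = {"ip-lookup.example", "geo.example"}
WINDOW_SECONDS = 60
# Constructed telemetry: epoch|event|actor_pid|actor_image|target
SAMPLE_EVENTS = """\
1700000000|proc_kill|4120|python.exe|chrome.exe
1700000001|proc_kill|4120|python.exe|msedge.exe
1700000002|proc_kill|4120|python.exe|telegram.exe
1700000003|proc_kill|4120|python.exe|exodus.exe
1700000009|dns|4120|python.exe|ip-lookup.example
1700000020|proc_kill|880|taskmgr.exe|chrome.exe
1700000030|dns|2200|chrome.exe|geo.example
1700000500|proc_kill|5300|updater.exe|firefox.exe
1700000900|dns|5300|updater.exe|ip-lookup.example
"""

def parse(lines):
    for line in lines.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 5 or not parts[0].isdigit():
            continue  # skip malformed records instead of failing the whole run
        ts, kind, pid, image, target = parts
        yield int(ts), kind, pid, image.lower(), target.lower()

def detect(lines, min_categories=2):
    """Flag actors whose IP lookup follows kills spanning >= min_categories app classes."""
    kills = defaultdict(list)  # (pid, image) -> [(timestamp, category)]
    alerts = []
    for ts, kind, pid, image, target in sorted(parse(lines)):
        actor = (pid, image)
        if kind == "proc_kill" and target in CATEGORY:
            kills[actor].append((ts, CATEGORY[target]))
        elif kind == "dns" and target in IP_LOOKUP_HOSTS:
            # Only kills in the WINDOW_SECONDS before this lookup count.
            recent = {c for t, c in kills[actor] if 0 <= ts - t <= WINDOW_SECONDS}
            if len(recent) >= min_categories:
                alerts.append({"pid": pid, "image": image,
                               "categories": sorted(recent), "lookup": target})
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Requiring kills across several application classes keeps a user closing one browser from Task Manager, or an updater restarting a single app, from raising an alert.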
