An all-in-one malware platform named Cinoshi has been discovered by security researchers that consist of stealer, botnet, cryptominer, and clipper services - all operated via a single panel. The operators of this multi-purpose platform aggressively marketed the platform while offering some services for free.
Cinoshi Stealer and its capabilities
Cinoshi Stealer, integrated with other malware components via the web panel, is capable of stealing a vast amount of sensitive information from the infected device.
- It collects cards, cookies, and credentials from popular browsers including Chromium, Edge, and Gecko.
- It collects data from over 35 crypto wallets and browser extensions, and steals sessions from Discord, Telegram, and Steam.
- It further allows taking screenshots of the computer and capturing pics from the webcam.
Cinoshi Clipper and cryptominer
- Cinoshi clipper targets crypto addresses of multiple cryptocurrencies, including Bitcoin, Bitcoin Cash, Litecoin, Dashcoin, Neocoin, Ripple, Ethereum, Stellar, and Monero.
- Additionally, it targets Steam users by swapping their steam trade links with the attacker’s own link, thus redirecting users’ Steam trade transactions into their own steam account.
- Cinoshi cryptominer allows the attacker to mine currencies such as Monero and Ethereum.
- The miner build can be further customized for parameters such as CPU consumption, wallet details, and time duration, using the web panel.
The web panel and the botnet
- The web panel has specific sections for the management of each type of malware, namely the stealer panel, clipper panel, cryptominer panel, and botnet panel.
- It allows the attacker to perform all operational activities, such as compilation of builds, management of Telegram notifications, and configurations for the malware, without the need for a hosting server.
- The Cinoshi botnet panel allows attackers to build a botnet, allowing them to download and install additional malware families on the targeted machine.
Cinoshi’s subscription model
Cyble researchers revealed that the Cinoshi MaaS has been available on a monthly subscription model since early this month.
- The botnet and clipper functionalities are available for 1000 rubles (~ $15) a month.
- The cryptominer is available for 2000 rubles (~ $30), for a lifetime subscription.
- In addition to the above-paid services, the platform offers Cinoshi Stealer and a web panel to control malicious activities for free.
- The free version of the stealer payload does not have any encryption or obfuscation. To obtain the encrypted build, the platform demands 300 Rubles ($4.5).
Ending notes
Several malware developers are actively using the MaaS business model for monetizing the malware. However, by offering a free stealer and web panel, Cinoshi has further raised the bar, by making it a single-stop solution for different malicious activities. This rapid growth of the MaaS space is pretty concerning for the cybersecurity industry.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/74cc_shutterstock_1752948716.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/0826_shutterstock_1124941190.jpg)
