The info-stealer market is expanding rapidly as researchers uncovered a new malware named ExelaStealer. The malware first appeared in August and includes a variety of data-stealing capabilities from stealing sensitive data, such as passwords, credit card details, cookies, and session data to key logs, from Windows systems.
More in detail
According to Fortiguard Labs, ExelaStealer is written in Python language and is being advertised on hacker forums and Telegram channels.
- It is available in two different variants - one is open-source and the other is a paid version.
- Researchers claim that operators are offering the malware source code for free.
- Anyone with the necessary skill could create an ExelaStealer binary using the freely available code.
Currently, the initial infection vector of the malware is unknown. However, researchers claim that it can be achieved in multiple ways, such as phishing, watering hole attacks, or other malware.
The info-stealer landscape thrives
- Info-stealers are, generally, low-cost commodity malware that makes them a perfect data-stealing tool for less-skilled hackers. Owing to their wide range of capabilities, there has been an explosion in such threats on the cyber landscape.
- Vietnam-based cybercriminals were tracked using Ducktail info-stealer, alongside DarkGate malware, to target organizations in the U.K, the U.S., and India.
- Threat actors behind Lumma Stealer were found shifting to Discord servers as a channel to distribute malware to more people.
- An information-stealing malware named MetaStealer was observed in the wild, targeting macOS systems.
Ending note
The discovery of another new info-stealer indicates that there is still room for new threat actors to emerge and gain traction. Moreover, the info-stealer provides the opportunity for attackers to use the stolen data for blackmail, espionage, or ransom. As this remains a prevalent threat, organizations are recommended to protect their critical assets and infrastructure with strong security measures.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/5520_shutterstock_735445135.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/a89a_banner_for_blog-01.png)
