New Low-Cost Cybercrime Weapon is Available

A new information stealer named ExelaStealer is the latest to become available to the hacker audience.  There are many choices available for off-the-shelf malware designed to capture sensitive data from compromised Windows systems.  ExelaStealer is a largely open-source infostealer with paid customizations available from the threat actor creator.

Written in Python and incorporating support for JavaScript, it comes fitted with capabilities to siphon passwords, Discord tokens, credit cards, cookies and session data, keystrokes, screenshots, and clipboard content.  ExelaStealer is offered for sale via cybercrime forums as well as a dedicated Telegram channel set up by its operators who go by the online alias quicaxd.  The paid-for version costs US$20 a month, US$45 for three months, or US$120 for a lifetime license.  (Whose lifetime?)  The increasingly low cost of the commodity malware makes it a perfect hacking tool for new cyber criminals, effectively lowering the barrier to entry for pulling off malicious attacks.[1]

See:  https://redskyalliance.org/xindustry/raccoon-stealer-is-in-the-can

The stealer binary, in its current form, can only be compiled and packaged on a Windows-based system using a builder Python script, which adds the necessary source code obfuscation to the mix in an attempt to resist analysis.  There is evidence to suggest that ExelaStealer is being distributed via an executable that masquerades as a PDF document, indicating that the initial intrusion vector could be anything ranging from phishing to watering holes.  Launching the binary displays a lure document (a Turkish vehicle registration certificate for a Dacia Duster) while stealthily activating the stealer in the background.
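For defenders triaging a downloads folder or mail-attachment store, the masquerade described above can be checked by comparing what a file's name claims with what its first bytes say. The script below is an added example, not code from the article or from the malware's authors; the article does not say how the disguise is done, so the extension list, the three name patterns and the sample file names are assumptions chosen for illustration.

```python
import os
import tempfile

# Illustrative choices, not taken from the article: the extension list and the
# masquerade patterns below are common ones; the article names none.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
RTLO = "\u202e"  # right-to-left override: reverses how the name's tail is displayed


def classify(name, head):
    """Return the reasons a file looks like an executable posing as a PDF."""
    stem, ext = os.path.splitext(name.lower())
    is_pe = head[:2] == b"MZ"            # DOS/PE header magic
    is_pdf = b"%PDF-" in head[:1024]     # PDF header magic
    reasons = []
    if ext == ".pdf" and is_pe:
        reasons.append("pdf-name-pe-content")
    elif ext == ".pdf" and not is_pdf:
        reasons.append("pdf-name-no-pdf-header")
    if ext in EXEC_EXTS and stem.rstrip().endswith(".pdf"):
        reasons.append("double-extension")
    if RTLO in name:
        reasons.append("rtlo-in-name")
    return reasons


def scan(root):
    """Walk root and map each suspicious file's relative path to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(1024)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            reasons = classify(fname, head)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


if __name__ == "__main__":
    # Constructed sample files (tiny stubs, not real documents or binaries).
    samples = {"report.pdf": b"%PDF-1.7\n", "document.pdf.exe": b"MZ\x90\x00",
               "scan.pdf": b"MZ\x90\x00", "notes.txt": b"hello"}
    with tempfile.TemporaryDirectory() as tmp:
        for fname, data in samples.items():
            with open(os.path.join(tmp, fname), "wb") as fh:
                fh.write(data)
        for path, why in sorted(scan(tmp).items()):
            print(path, why)
```

A hit is a triage lead rather than a verdict: the checks only flag a mismatch between name and content, so flagged files still need analysis.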

Data has become a valuable currency, and because of this, attempts to gather it will likely never cease.  Infostealer malware exfiltrates data belonging to corporations and individuals that can be used for blackmail, espionage, or ransom.  Despite the number of infostealers for sale, ExelaStealer shows there is still room for new players to emerge and gain popularity.

The B2B sector remains attractive to cybercriminals, who seek to exploit its resources for money-making purposes.  Investigators noted that most of the attacks were aimed at organizations in Russia, Saudi Arabia, Vietnam, Brazil, Romania, the U.S., India, Morocco, and Greece. Recently, the US cybersecurity and intelligence agencies released a joint advisory outlining the phishing techniques malicious actors commonly use to obtain login credentials and deploy malware, highlighting their attempts to impersonate a trusted source to realize their goals.

 

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and has reported extensively on AI technology.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5993554863383553632

 

[1] https://thehackernews.com/2023/10/exelastealer-new-low-cost-cybercrime.html
