A brand new info stealer named ExelaStealer has turn into the newest entrant to an already crowded panorama stuffed with varied off-the-shelf malware designed to seize delicate knowledge from compromised Home windows methods.
“ExelaStealer is a largely open-source infostealer with paid customizations obtainable from the menace actor,” Fortinet FortiGuard Labs researcher James Slaughter mentioned in a technical report.
Written in Python and incorporating help for JavaScript, it comes fitted with capabilities to siphon passwords, Discord tokens, bank cards, cookies and session knowledge, keystrokes, screenshots, and clipboard content material.
ExelaStealer is obtainable on the market through cybercrime boards in addition to a devoted Telegram channel arrange by its operators who go by the web alias quicaxd. The paid-for model prices $20 a month, $45 for 3 months, or $120 for a lifetime license.
The low price of the commodity malware makes it an ideal hacking instrument for newbies, successfully decreasing the barrier to entry for pulling off malicious assaults.
The stealer binary, in its present type, can solely be compiled and packaged on a Home windows-based system utilizing a builder Python script, which throws vital supply code obfuscation to the combination in an try to withstand evaluation.
There may be proof to counsel that ExelaStealer is being distributed through an executable that masquerades as a PDF doc, indicating that the preliminary intrusion vector may very well be something starting from phishing to watering holes.
Launching the binary shows a lure doc – a Turkish car registration certificates for a Dacia Duster – whereas stealthily activating the stealer within the background.
“Knowledge has turn into a priceless foreign money, and due to this, makes an attempt to assemble it’ll seemingly by no means stop,” Slaughter mentioned.
“Infostealer malware exfiltrates knowledge belonging to firms and people that can be utilized for blackmail, espionage, or ransom. Regardless of the variety of infostealers within the wild, ExelaStealer reveals there may be nonetheless room for brand spanking new gamers to emerge and acquire traction.”
The disclosure comes as Kaspersky revealed particulars of a marketing campaign that targets authorities, legislation enforcement, and non-profit organizations to drop a number of scripts and executables without delay to conduct cryptocurrency mining, steal knowledge utilizing keyloggers, and acquire backdoor entry to methods.
“The B2B sector stays enticing to cybercriminals, who search to use its sources for money-making functions,” the Russian cybersecurity agency mentioned, noting that many of the assaults had been geared toward organizations in Russia, Saudi Arabia, Vietnam, Brazil, Romania, the U.S., India, Morocco, and Greece.
Earlier this week, U.S. cybersecurity and intelligence companies launched a joint advisory outlining the phishing strategies malicious actors generally use to acquire login credentials and deploy malware, highlighting their makes an attempt to impersonate a trusted supply to appreciate their targets.
