A brand new data stealer named ExelaStealer has develop into the most recent entrant to an already crowded panorama crammed with varied off-the-shelf malware designed to seize delicate knowledge from compromised Home windows methods.
“ExelaStealer is a largely open-source infostealer with paid customizations out there from the risk actor,” Fortinet FortiGuard Labs researcher James Slaughter mentioned in a technical report.
Written in Python and incorporating assist for JavaScript, it comes fitted with capabilities to siphon passwords, Discord tokens, bank cards, cookies and session knowledge, keystrokes, screenshots, and clipboard content material.
ExelaStealer is obtainable on the market through cybercrime boards in addition to a devoted Telegram channel arrange by its operators who go by the web alias quicaxd. The paid-for model prices $20 a month, $45 for 3 months, or $120 for a lifetime license.
The low price of the commodity malware makes it an ideal hacking device for newbies, successfully decreasing the barrier to entry for pulling off malicious assaults.
The stealer binary, in its present kind, can solely be compiled and packaged on a Home windows-based system utilizing a builder Python script, which throws needed supply code obfuscation to the combo in an try to withstand evaluation.
There may be proof to recommend that ExelaStealer is being distributed through an executable that masquerades as a PDF doc, indicating that the preliminary intrusion vector may very well be something starting from phishing to watering holes.
Launching the binary shows a lure doc – a Turkish car registration certificates for a Dacia Duster – whereas stealthily activating the stealer within the background.
“Data has develop into a beneficial foreign money, and due to this, makes an attempt to assemble it is going to seemingly by no means stop,” Slaughter mentioned.
“Infostealer malware exfiltrates knowledge belonging to firms and people that can be utilized for blackmail, espionage, or ransom. Regardless of the variety of infostealers within the wild, ExelaStealer reveals there may be nonetheless room for brand new gamers to emerge and achieve traction.”
The disclosure comes as Kaspersky revealed particulars of a marketing campaign that targets authorities, regulation enforcement, and non-profit organizations to drop a number of scripts and executables directly to conduct cryptocurrency mining, steal knowledge utilizing keyloggers, and achieve backdoor entry to methods.
“The B2B sector stays engaging to cybercriminals, who search to take advantage of its sources for money-making functions,” the Russian cybersecurity agency mentioned, noting that a lot of the assaults had been geared toward organizations in Russia, Saudi Arabia, Vietnam, Brazil, Romania, the U.S., India, Morocco, and Greece.
Earlier this week, U.S. cybersecurity and intelligence businesses launched a joint advisory outlining the phishing methods malicious actors generally use to acquire login credentials and deploy malware, highlighting their makes an attempt to impersonate a trusted supply to understand their targets.
