ExelaStealer: A new low-cost cybercrime weapon has emerged – HacksByte

A new information stealer named ExelaStealer has become the latest entrant into an already crowded landscape filled with various off-the-shelf malware designed to capture sensitive data from compromised Windows systems.

“ExelaStealer is a massive open-source infostealer, with paid customizations available from threat actors,” James Slaughter, researcher at Fortinet FortiGuard Labs, said in a technical report.

Written in Python and incorporating support for JavaScript, it comes equipped with capabilities to siphon passwords, Discord tokens, credit cards, cookies and session data, keystrokes, screenshots, and clipboard contents.

ExelaStealer is offered for sale through cybercrime forums as well as a dedicated Telegram channel set up by its operators who go by the online alias quicaxd. The paid version costs $20 per month, $45 for three months, or $120 for a lifetime license.

The low cost of such commodity malware makes it an attractive tool for newcomers, effectively lowering the barrier to entry for carrying out attacks.

The stealer binary, in its current form, can only be compiled and packaged on Windows systems using a builder script written in Python. The builder also obfuscates the source code in an effort to resist analysis.

There is evidence to suggest that ExelaStealer is being distributed via an executable that masquerades as a PDF document, indicating that the initial intrusion vector could be anything from phishing to watering holes.

Upon launching the binary, a decoy document is displayed (a Turkish vehicle registration certificate for a Dacia Duster) while the stealer silently activates in the background.
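The masquerade described above (a Windows executable presented as a PDF, showing a decoy document while the payload runs) can be caught at the file-triage stage by checking what a file actually is against what its name claims. The script below is an added example and is not code from the article or from Fortinet; the file names and contents it examines are constructed for the demonstration, and the "executable carrying an embedded PDF" heuristic is an assumption of this example, not something the article states about ExelaStealer.

```python
"""Triage files that claim to be documents but are Windows executables.

Added example (not from the article or Fortinet). Sample inputs are constructed.
"""
import os
from dataclasses import dataclass, field

PE_MAGIC = b"MZ"       # DOS header at offset 0 of every Windows PE executable
PDF_MAGIC = b"%PDF-"   # every PDF file starts with "%PDF-<version>"
DOC_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
EXE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


@dataclass
class Verdict:
    name: str
    suspicious: bool = False
    reasons: list = field(default_factory=list)


def _extensions(name: str) -> list:
    """All extensions of a file name in order, e.g. 'a.pdf.exe' -> ['.pdf', '.exe']."""
    parts = os.path.basename(name).lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def triage(name: str, data: bytes) -> Verdict:
    """Flag a file whose content or name pattern suggests an executable posing as a document."""
    verdict = Verdict(name=name)
    exts = _extensions(name)
    last = exts[-1] if exts else ""
    is_pe = data[:2] == PE_MAGIC

    # 1. Magic bytes versus claimed type: a ".pdf" that starts with "MZ" is a PE file.
    if is_pe and last in DOC_EXTENSIONS:
        verdict.reasons.append(f"PE header (MZ) but document extension {last}")

    # 2. Double extension: "invoice.pdf.exe" is shown as "invoice.pdf" when
    #    Explorer hides known extensions, so the victim believes it is a PDF.
    if len(exts) >= 2 and exts[-2] in DOC_EXTENSIONS and last in EXE_EXTENSIONS:
        verdict.reasons.append(f"double extension {''.join(exts[-2:])}")

    # 3. Heuristic (assumption of this example): a PE that carries a PDF inside it
    #    may be a dropper that opens an embedded decoy document for the victim.
    if is_pe and PDF_MAGIC in data[2:]:
        verdict.reasons.append("PE with embedded PDF (possible decoy document)")

    verdict.suspicious = bool(verdict.reasons)
    return verdict


def triage_path(path: str, max_bytes: int = 16 * 1024 * 1024) -> Verdict:
    """Triage a real file on disk, reading at most max_bytes of it."""
    with open(path, "rb") as fh:
        return triage(path, fh.read(max_bytes))


# Constructed sample files: a PE posing as a PDF (with a decoy PDF embedded),
# a double-extension PE, and a genuine PDF header.
SAMPLES = {
    "vehicle_registration.pdf": b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00"
                               + b"\x00" * 32 + b"%PDF-1.4 decoy document",
    "invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 64,
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
}


def run_samples() -> dict:
    """Return {file name: list of reasons} for the constructed samples."""
    return {name: triage(name, data).reasons for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, reasons in run_samples().items():
        print(f"{name}: {'SUSPICIOUS ' + '; '.join(reasons) if reasons else 'ok'}")
```

The magic-byte check is the one that matters most: the extension and the icon are entirely under the attacker's control, while the first two bytes of a PE file are not. For mail gateways and upload handlers the same checks belong in the content-type validation path rather than in a later scan.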

“Data has become a valuable currency and because of this, efforts to collect it will never stop,” Slaughter said.

“Infostealer malware exfiltrates data belonging to corporations and individuals that can be used for blackmail, espionage, or ransom. Despite the number of infostealers in the wild, ExelaStealer shows there is still room for new players to emerge and gain traction.”

The disclosure comes as Kaspersky revealed details of a campaign that targets government, law enforcement, and non-profit organizations to drop several scripts and executables at once to conduct cryptocurrency mining, steal data using keyloggers, and gain backdoor access to systems.

“The B2B sector remains attractive to cybercriminals, who seek to exploit its resources for money-making purposes,” the Russian cybersecurity firm said, noting that most of the attacks were aimed at organizations in Russia, Saudi Arabia, Vietnam, Brazil, Romania, the U.S., India, Morocco, and Greece.

Earlier this week, U.S. cybersecurity and intelligence agencies released a joint advisory outlining the phishing techniques malicious actors commonly use to obtain login credentials and deploy malware, highlighting their attempts to impersonate a trusted source to achieve their goals.
