Info Stealer | Breaking Cybersecurity News | The Hacker News

A new information stealer named  ExelaStealer  has become the latest entrant to an already  crowded landscape  filled with various off-the-shelf malware designed to capture sensitive data from compromised Windows systems. "ExelaStealer is a largely open-source infostealer with paid customizations available from the threat actor," Fortinet FortiGuard Labs researcher James Slaughter  said  in a technical report. Written in Python and incorporating support for JavaScript, it comes fitted with capabilities to siphon passwords, Discord tokens, credit cards, cookies and session data, keystrokes, screenshots, and clipboard content. ExelaStealer is offered for sale via cybercrime forums as well as a dedicated Telegram channel set up by its operators who go by the online alias quicaxd. The paid-for version costs $20 a month, $45 for three months, or $120 for a lifetime license. The low cost of the commodity malware makes it a perfect hacking tool for newbies, effectively lowerin

In yet another sign of a lucrative crimeware-as-a-service ( CaaS ) ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called  Meduza Stealer  that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a singular objective: comprehensive data theft," Uptycs  said  in a new report. "It pilfers users' browsing activities, extracting a wide array of browser-related data." "From critical login credentials to the valuable record of browsing history and meticulously curated bookmarks, no digital artifact is safe. Even crypto wallet extensions, password managers, and 2FA extensions are vulnerable." Despite the similarity in features, Meduza boasts of a "crafty" operational design that eschews the use of obfuscation techniques and promptly terminates its execution on compromised hosts should a connection to the attacker's server fail. It's

Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the  SaaS shadow IT  of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot.  Employees are covertly using AI  with little regard for established IT and cybersecurity review procedures. Considering  ChatGPT's meteoric rise to 100 million users within 60 days of launch , especially with little sales and marketing fanfare, employee-driven demand for AI tools will only escalate.  As new studies show  some workers boost productivity by 40% using generative AI , the pressure for CISOs and their teams to fast-track AI adoption — and turn a blind eye to unsanctioned AI tool usage — is intensifying.  But succumbing to these pressures can introduce serious SaaS data leakage and breach risks, particularly as employees flock to AI tools developed by small businesses, solopreneurs, and indie developers. AI Security Guide Download AppOmni's CISO Guide to AI Security - Part 1 AI evoke

A previously undocumented Windows-based information stealer called  ThirdEye  has been discovered in the wild with capabilities to harvest sensitive data from infected hosts. Fortinet FortiGuard Labs, which  made the discovery , said it found the malware in an executable that masqueraded as a  PDF file  with a Russian name "CMK Правила оформления больничных листов.pdf.exe," which translates to "CMK Rules for issuing sick leaves.pdf.exe." The arrival vector for the malware is presently unknown, although the nature of the lure points to it being used in a phishing campaign. The very  first ThirdEye sample  was uploaded to VirusTotal on April 4, 2023, with relatively fewer features. The evolving stealer, like  other malware families  of its kind, is equipped to gather system metadata, including BIOS release date and vendor, total/free disk space on the C drive, currently running processes, register usernames, and volume information. The amassed details are then tra

A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as  Nodaria , which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056. "The malware is written in Go and is designed to harvest a wide range of information from the infected computer, including system information, credentials, screenshots, and files," the Symantec Threat Hunter Team  said  in a report shared with The Hacker News. Nodaria was  first spotlighted  by CERT-UA in January 2022, calling attention to the adversary's use of  SaintBot and OutSteel malware  in spear-phishing attacks targeting government entities. Also called DEV-0586, TA471, and UNC2589, the hacking crew has been linked to the destructive WhisperGate (aka PAYWIPE ) data wiper attacks targeting Ukrainian entities around the same time.

The notorious information-stealer known as  Vidar  is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server. "When a user creates an account on an online platform, a unique account page that can be accessed by anyone is generated," AhnLab Security Emergency Response Center (ASEC) disclosed in a technical analysis  published  late last month. "Threat actors write identifying characters and the C2 address in parts of this page." In other words, the technique relies on actor-controlled throwaway accounts created on social media to retrieve the C2 address. An advantage to this approach is that should the C2 server be taken down or blocked, the adversary can trivially get around the restrictions by setting up a new server and editing the account pages to allow the previously distributed malware to communicate with the server. Vidar, first identified in 2018, is a  commer

A crimeware-related threat actor known as Haskers Gang has released an  information-stealing malware  called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. "It features the ability to steal sensitive information from victims and can download additional malware to infected systems," Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer  said  in a report shared with The Hacker News. "In many cases, this includes the  RedLine Stealer  and an XMRig-based cryptocurrency mining malware that is internally referred to as 'ZingoMiner.'" But in an interesting twist, the criminal group announced on Thursday that the ownership of the ZingoStealer project is changing hands to a new threat actor, in addition to offering to sell the source code for a negotiable price of $500. Since its inception last month, ZingoStealer is said to be undergoing consistent development and deployed specifically against Russi

Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what's a "highly modular" .NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar. Dubbed " Solarmarker ," the malware campaign is believed to be active since September 2020, with telemetry data pointing to malicious actions as early as April 2020, according to Cisco Talos. "At its core, the Solarmarker campaign appears to be conducted by a fairly sophisticated actor largely focused on credential and residual information theft," Talos researchers Andrew Windsor and Chris Neal  said  in a technical write-up published last week. Infections consist of multiple moving parts, chief among them being a .NET assembly module that serves as a system profiler and staging ground on the victim host for command-and-control (C2) communications and fur