A new InfoStealer called ExelaStealer emerged in 2023, joining the ranks of other well-known malware like RedLine, Raccoon, and Vidar.
FortiGuard Labs, a leading cybersecurity research and analysis firm, has revealed some insights into this new threat. ExelaStealer is an open-source malware that can be customized for a fee.
It is written in Python, but it can also use other languages like JavaScript when needed. It targets Windows-based systems and steals various types of information, such as passwords, credit cards, cookies, sessions, and keystrokes.
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
ExelaStealer is also notable for its advertising strategy on the Dark Web. It offers both free and paid versions, with different prices depending on the features.
The ads are posted by someone called “quicaxd,” who seems to be the main developer and seller of ExelaStealer.
To build ExelaStealer, one needs to have access to the source code and a Windows-based host. The main file is “Exela.py,” which is obfuscated by “obf.py” to make it harder to analyze.
The infection method used by ExelaStealer is not clear, but it could involve various techniques like phishing, watering holes, or other malware delivery methods.
One example of a binary that contains ExelaStealer is “sirket-ruhsat-pdf.exe,” which shows a fake Turkish vehicle registration certificate as a distraction to the user.
When executed, “sirket-ruhsat-pdf.exe” performs various actions, such as collecting system information, taking screenshots, copying data from the Clipboard, and exporting WLAN profiles. This data is then sent to the attacker via a Discord webhook.
ExelaStealer is a new and versatile InfoStealer that can pose a serious threat to users’ data and privacy.
Fortinet provides various services to protect against this malware, such as Web Filtering, AntiVirus, FortiMail, FortiClient, and FortiEDR, with specific AV signatures to detect ExelaStealer samples.
Cybersecurity is a vital aspect of our digital world, and we need to be alert and well-protected against new and evolving threats.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.
Read the full article here