• Donate
    TheWindowsForum.com needs donations to stay online!
    Love TheWindowsForum.com? Then help keep it alive by sending a donation!

The new info-stealing malware operations to watch out for

WELCOME TO THEWINDOWSFORUM COMMUNITY!

Our community has more than 63,000 registered members, and we'd love to have you as a member. Join us and take part in our unbiased discussions among people of all different backgrounds about Windows OS, Software, Hardware and more.

AFFASocial

Ultimate Donator
VIP
Jun 26, 2021
740
482
  • May 15, 2023
  • 06:07 PM
  • 0

Data

The information-stealing malware market is constantly evolving, with multiple malware operations competing for cybercriminal customers by promoting better evasion and increased ability to steal data from victims.
Information stealers are specialized malware used to steal account passwords, cookies, credit card details, and crypto wallet data from infected systems, which are then collected into archives called 'logs' and uploaded back to the threat actors.
These logs of stolen data are used to fuel further attacks or sold on marketplaces for prices ranging between $1 to $150, depending on the victim.
Cybersecurity intelligence firm KELA has compiled a report presenting the rise of variants and malware-as-a-service (MaaS) operations that have grown substantially in the first quarter of 2023, raising the associated risk for organizations and individuals.
"In this report, KELA focuses on new infostealers like Titan, LummaC2, WhiteSnake, and others who have recently emerged from the cybercrime underground and have already gained popularity among threat actors," Cyber Threat Intelligence Analyst Yael Kishon said in a report shared with BleepingComputer.

The emerging info-stealers​

Although older strains like RedLine, Raccoon, and Vidar continue to have a significant presence, and newer families like Aurora, Mars, and Meta are still growing, new malware families are also trying to make a name for themselves this year.
Raccoon remains the most prolific MaaS
Raccoon remains the most prolific MaaS operation (KELA)
KELA highlights the following four information-stealing operations that launched over the past year:
Titan: Titan first appeared on Russian-speaking hacker forums in November 2022, promoted as a Go-based info-stealer targeting data stored in 20 web browsers.
Its Telegram channel counts over 600 subscribers. On March 1, 2023, its authors released version 1.5, and on April 14, and teased an upcoming new version, indicating that this is a very active project.
New versions of Titan announced on Telegram
New versions of Titan announced on Telegram
Source: KELA
Titan is sold for $120/month (beginners), $140/month (advanced), or $999/month (teams).
LummaC2: LummaC2 targets over 70 browsers, cryptocurrency wallets, and two-factor authentication extensions.
In January 2023, the project had a reboot on Telegram, which currently has over a thousand subscribers, and since February 2023, it has been offered for purchase through 'RussianMarket.'
LummaC2's pricing tiers
LummaC2's subscription tiers
Source: KELA
LummaC2 sells for $250 to $1000 per month, depending on the selected features, and KELA says the malware enjoys a very good reputation in the cybercrime underground.
LummaC2 also runs a reseller program, giving agents a 20% cut for new subscriptions they bring on the platform.
Stealc: First analyzed by SEKOIA in February 2023, Stealc is a lightweight stealer with automated exfiltration that targets over 22 web browsers, 75 plugins, and 25 desktop wallets.
It is sold for $200/month, and its popularity is constantly increasing.
Stealc author promoting the malware on Russian forums
Stealc author promoting the malware on Russian forum
Source: KELA
Previously, it has been seen distributed via YouTube videos that promote laced cracked software.
WhiteSnake: This strain was first promoted on hacker forums in February 2023 as an email, Telegram, Steam, and cryptocurrency wallet stealer.
It can target both Windows and Linux systems, which is rare in this field.
WhiteSnake promo page
WhiteSnake promo page
Source: KELA
WhiteSnake has over 750 subscribers on Telegram, selling for $140/month or $1,950 for lifetime access.

Cloud of Logs​

KELA's report also highlights a new product type that has emerged lately, named "Clouds of Logs," which is to sell subscriptions to access private cloud-hosted log collections created by threat actors distributing info-stealer malware.
Clouds of logs is a more private and, presumably, safer alternative to automated log markets, created to give data sellers a simpler way to monetize their activity without the involvement of middlemen.
Seller promoting their private logs repository on Telegram
Seller promoting their private logs repository on Telegram
Source: KELA
The emergence of new info-stealers priced competitively lowers the entry barrier for cybercriminals, especially in the case of Titan, which sells for just $120/month.
KELA believes that the Malware-as-a-Service market will preserve its popularity this year, so the use of info-stealers will continue to be substantial.
 
Back