A new cyber threat named ExelaStealer has emerged as a cost-effective information-stealing tool, joining the crowded landscape of malware designed to steal sensitive data from compromised Windows systems. Researchers from Fortinet FortiGuard Labs have identified ExelaStealer as an open-source infostealer with options for paid customizations from its creators.
This Python-based malware is capable of stealing passwords, Discord tokens, credit card information, keystrokes, screenshots, and clipboard contents, making it a versatile tool for cybercriminals. It is available for purchase through cybercrime forums and a dedicated Telegram channel at affordable prices, lowering the entry barrier for malicious attacks.
ExelaStealer has garnered attention for its low cost and ease of use, making it an attractive choice for both novice and experienced hackers. The malware is intentionally obfuscated to resist analysis and can only be compiled on a Windows-based system using a Python script builder. It is distributed through executables disguised as PDF documents, suggesting a range of possible initial intrusion methods, from phishing to watering hole attacks.
With data becoming a valuable commodity, cybercriminals are constantly seeking ways to gather it for various purposes, including blackmail, espionage, or ransom. Although many information-stealing malware families already exist, ExelaStealer highlights the evolving nature of data exfiltration techniques in the cybercriminal world.
This emergence coincides with revelations from Kaspersky about a campaign targeting government, law enforcement, and nonprofit organizations, deploying multiple scripts and executables to conduct cryptocurrency mining, steal data via keyloggers, and gain backdoor access to systems. These threats underscore the need for enhanced cybersecurity measures and awareness to protect organizations and individuals.