The information-stealing malware market is constantly evolving, with multiple malware operations competing for cybercriminal clients by promoting better evasion and increased ability to steal victims’ data.

Information stealers are specialized malware used to steal account passwords, cookies, credit card details and crypto wallet data from infected systems, which are then collected in archives called “logs” and uploaded to threat actors.

These stolen data logs are used to fuel new attacks or sold on marketplaces for prices ranging from $1 to $150, depending on the victim.

Cybersecurity intelligence firm KELA has compiled a report showcasing the rise of malware-as-a-service (MaaS) variants and operations, which grew significantly in the first quarter of 2023, raising the associated risk to organizations and individuals.

“In this report, KELA focuses on new information stealers like Titan, LummaC2, WhiteSnake and others who have recently emerged from cybercrime and have already gained popularity among threat actors,” said Yael Kishon, Cyber Threat Intelligence analyst, in a report shared with BleepingComputer.

Emerging Information Stealers

Although older strains like RedLine, Raccoon, and Vidar continue to have a large presence and new families like Aurora, Mars, and Meta continue to grow, new malware families are also trying to make a name for themselves this year.

Raccoon remains the most prolific MaaS operation (KELA)

KELA sheds light on the following four information theft operations launched in the past year:

Titan: Titan first appeared on Russian-speaking hacker forums in November 2022, touted as a Go-based infostealer targeting data stored in 20 web browsers.

Its Telegram channel has more than 600 subscribers. On March 1, 2023, its authors released version 1.5, and on April 14 they teased a new version to come, indicating that it is a very active project.

New Titan releases announced on Telegram
Source: KELA

Titan is priced at $120/month (beginners), $140/month (advanced), or $999/month (teams).

LummaC2: LummaC2 targets over 70 browsers, cryptocurrency wallets and two-factor authentication extensions.

In January 2023, the project restarted on Telegram, which currently has more than a thousand subscribers, and since February 2023 it has been offered for purchase through “RussianMarket”.

LummaC2 Subscription Tiers
Source: KELA

LummaC2 sells for between $250 and $1,000 per month, depending on the features selected, and KELA says the malware has a very good reputation in the cybercrime community.

LummaC2 also runs a reseller program, offering agents a 20% discount for new subscriptions they bring to the platform.

Stealc: First analyzed by SEKOIA in February 2023, Stealc is a lightweight stealer with automated exfiltration that targets over 22 web browsers, 75 plugins, and 25 desktop wallets.

It is sold for $200/month and its popularity continues to increase.

Stealc author promoting the malware on a Russian forum
Source: KELA

Previously, it was seen being distributed via YouTube videos promoting pirated software.

WhiteSnake: This strain was first promoted on hacker forums in February 2023 as an email, Telegram, Steam and cryptocurrency wallet stealer.

It can target both Windows and Linux systems, which is rare in this field.

WhiteSnake promotional page
Source: KELA

WhiteSnake has over 750 subscribers on Telegram and sells for $140/month or $1,950 for lifetime access.

Clouds of Logs

KELA’s report also highlights a new type of product that has emerged recently, dubbed “Clouds of Logs”, which involves selling subscriptions to access private cloud-hosted log collections created by malicious actors distributing information-stealing malware.

Clouds of logs is a more private and, presumably, safer alternative to automated log marketplaces, created to give data sellers an easier way to monetize their business without the intervention of intermediaries.

Seller promoting his private log repository on Telegram
Source: KELA

The emergence of new, competitively priced information stealers is lowering the barrier of entry for cybercriminals, especially in the case of Titan, which retails for just $120/month.

KELA believes that the malware-as-a-service market will retain its popularity this year, so the use of infostealers will continue to be prominent.

