New “123 | Stealer” Malware Rented on Dark Web for $120/Month
A new credential-stealing malware, dubbed “123 | Stealer,” has surfaced on underground cybercrime forums, with the threat actor known as #koneko offering the tool for rent at $120 per month.
The malware, which is being marketed as a powerful and flexible information stealer, is drawing attention for its claimed features and competitive pricing, though its effectiveness remains unverified by the broader cybercriminal community.
Key Features and Technical Details
According to advertisements posted by #koneko, “123 | Stealer” is:
- Written in C++: Suggesting a focus on performance and portability.
- DLL-Free Stub (~700KB): The malware is distributed as a compact, standalone executable, which may help it evade some detection mechanisms.
- Proxy Server Requirement: Operators must set up a proxy server compatible with Ubuntu or Debian, indicating a level of operational complexity and a possible attempt to obscure command-and-control (C2) traffic.
- Comprehensive Data Theft Capabilities:
  - Browser Data: Extracts cookies, saved passwords, and browsing history.
  - Crypto Wallets: Targets digital wallets, a growing focus for modern stealers.
  - Process and File Grabs: Can capture running processes and exfiltrate files from infected systems.
  - Browser Extensions: The admin panel reportedly supports over 70 browser extensions, including those for major Chromium and Gecko-based browsers, as well as Discord and other popular platforms.
The rise of “123 | Stealer” reflects a broader trend in the cybercrime ecosystem, where malware-as-a-service (MaaS) offerings are becoming increasingly accessible and affordable.
Similar stealers, such as RedLine and LummaC2, have been observed on dark web markets, often providing a range of credential theft and data exfiltration features for a monthly fee.
These tools are typically used to harvest sensitive information, which is then sold or leveraged for further attacks, including account takeovers and financial fraud.
The lack of public reviews or endorsements from other cybercriminals means that the true capabilities of “123 | Stealer” remain unverified.
In the underground economy, reputation and proven effectiveness are critical for adoption, so it remains to be seen whether this new stealer will gain traction.
Security researchers warn that the proliferation of such tools lowers the barrier to entry for cybercriminals, enabling even less technically skilled actors to launch sophisticated attacks.
The modular design and support for a wide array of browser extensions and platforms make “123 | Stealer” a potential threat to both individuals and organizations, should its claims prove accurate.
While “123 | Stealer” is the latest entrant in a crowded field of infostealer malware, its real-world impact will depend on its effectiveness and the trust it earns within cybercriminal circles.
Organizations are urged to remain vigilant, update security protocols, and monitor for signs of credential theft as the threat landscape continues to evolve.
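One way to monitor for the browser-data theft the advertisement claims is to flag processes other than the browser itself that read several Chromium or Gecko credential stores. The sketch below is an added example, not taken from the article or from any analysis of "123 | Stealer"; the event format, the sample log lines, the profile locations and the allowlist of browser paths are all assumptions.

```python
import ntpath

# Well-known file names of browser credential, cookie and history stores.
STORE_FILES = {"login data", "cookies", "history", "local state",           # Chromium
               "logins.json", "key4.db", "cookies.sqlite", "places.sqlite"}  # Gecko
# Assumption: default per-user profile locations on Windows.
PROFILE_MARKERS = ("\\user data\\", "\\mozilla\\firefox\\profiles\\")
# Assumption: full image paths of the browsers installed in this environment.
# Matching the full path, not just the file name, catches renamed binaries.
EXPECTED_READERS = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files\mozilla firefox\firefox.exe",
}

# Constructed sample events in the form "timestamp|process image|file read".
SAMPLE_EVENTS = r"""
2025-01-01T10:00:01Z|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2025-01-01T10:00:02Z|C:\Program Files\Mozilla Firefox\firefox.exe|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd34.default\logins.json
2025-01-01T10:05:10Z|C:\Users\alice\AppData\Local\Temp\upd.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2025-01-01T10:05:10Z|C:\Users\alice\AppData\Local\Temp\upd.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
2025-01-01T10:05:11Z|C:\Users\alice\AppData\Local\Temp\upd.exe|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd34.default\key4.db
2025-01-01T10:07:00Z|C:\Users\alice\AppData\Local\Temp\chrome.exe|C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
2025-01-01T10:07:01Z|C:\Users\alice\AppData\Local\Temp\chrome.exe|C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Local State
2025-01-01T10:09:00Z|C:\Windows\System32\notepad.exe|C:\Users\alice\Documents\cookies
2025-01-01T10:10:00Z|C:\Tools\backup.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\History
truncated line without fields
"""

def is_browser_store(path):
    p = path.lower()
    return ntpath.basename(p) in STORE_FILES and any(m in p for m in PROFILE_MARKERS)

def find_suspicious_readers(log_text, min_stores=2):
    """Map each unexpected process image to the browser stores it read,
    keeping only processes that touched at least min_stores distinct stores."""
    reads = {}
    for line in log_text.splitlines():
        fields = line.strip().split("|")
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        _ts, image, target = fields
        if image.lower() in EXPECTED_READERS or not is_browser_store(target):
            continue
        reads.setdefault(image.lower(), set()).add(target.lower())
    return {img: sorted(t) for img, t in reads.items() if len(t) >= min_stores}

if __name__ == "__main__":
    for image, stores in find_suspicious_readers(SAMPLE_EVENTS).items():
        print(f"ALERT {image} read {len(stores)} browser stores")
```

The `min_stores` threshold trades noise for coverage: lowering it to 1 also surfaces single-file readers such as backup tools, which then need their own allowlist entries.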