A newcomer to the underground forum “Crackingx” under the username “10cker” caused a stir by offering the source code of a sophisticated information stealer written in the Rust programming language.
The post, which garnered immediate attention, outlined the features of the information stealer and its asking price of $700, available to only one buyer.
The stealer features an array of capabilities as detailed by “10cker”. It was designed to extract saved passwords from popular browsers like Google Chrome, Edge, and Brave. Additionally, it could target files from messaging platforms such as Telegram and Discord, along with other document files.
To maintain stealth, the stealer came with a hidden console and an auto-startup feature. Notably, it could also mimic user behavior by opening various programs, including images and documents, to avoid arousing suspicion.
New Rust-Based Information Stealer on Dark Web
To substantiate the claims, “10cker” provided supporting evidence in the form of a Telegram ID and a Vimeo link showcasing the stealer’s ability to evade detection even by updated Windows Security protocols.
Cyber threat intelligence analyst Reza Abasi weighed in on the matter, highlighting that “10cker” went as far as sharing the stealer’s file on the “Jotti’s malware scan” site to demonstrate that it went undetected by several antivirus programs, including “F-Secure,” “Bitdefender,” and “Kaspersky.”
Interestingly, a similar post surfaced on another underground forum, “breachforums,” hinting at a possible connection between “Shnz” and “10cker,” either as the same individual or as collaborating actors behind the development of this potent information stealer.
The post by “10cker” on the Crackingx forum read, “Stealer source code written in Rust FUD. Selling stealer source code. If you want to use CnC server I can configure it for free. Or you can receive it with email; it’s your choice. Browser: Google Chrome, Edge, Brave saved passwords. Files: Telegram, Discord, and other document files. Hidden console + auto startup.”
More Information Stealers on the Market
Recently, in a similar instance, Cyble Research & Intelligence Labs (CRIL) reported a new information stealer on the market, possibly a revamped version of the now-closed ObserverStealer. The Malware-as-a-Service (MaaS) ‘AsukaStealer’ was found on a Russian cybercrime forum, with version 0.9.7 offered for $80/month.
Originally advertised on another forum on January 24, 2024, the malware targets browser data, Discord and Telegram sessions, crypto wallets, screenshots, and files from Steam Desktop Authenticator. Notable features include customizable settings for browsers, file grabbing, and process capturing. The malware shares similarities with ObserverStealer, suggesting it is a revamped version.
Last month, another info-stealer was recorded on the dark web. Known as the Atomic Stealer (AMOS), it was distributed by threat actors using phishing websites masquerading as popular Mac applications. As of the analysis’s publication, these deceptive sites remained operational. AMOS undergoes constant updates, showcasing the developer’s dedication to enhancing its malicious functionalities.
What are Info-stealers?
Information stealers or infostealers are a form of malware designed to pilfer sensitive data such as login credentials, financial information, and personal details from victims’ systems. This stolen data is often sold on the darknet for illicit purposes.
Info-stealers operate across platforms like Windows and Linux, aiming to bypass multi-factor authentication and gain access to user accounts. They commonly spread through phishing emails and infected software or hardware, and rely on techniques such as keylogging and data exfiltration. Notable examples include the Redline, Vidar, and Raccoon info-stealers.
To mitigate the risk, users should scan email attachments, use endpoint detection solutions, and avoid downloading from untrusted sources. Countermeasures also include updating software, using password managers, and implementing email validation systems.
Regular backups, network segmentation, and application whitelisting are recommended to minimize the impact of potential attacks. Removal tools like CSK Free Bot Removal Tool can help detect and eliminate information stealers.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.