Extremely dangerous ExelaStealer malware discovered

According to the latest technical report, cybersecurity and information security company Fortinet FortiGuard Labs stated: “ExelaStealer is a particularly dangerous open source information theft tool, with customizable payment levels for hackers”.

The low cost of entry makes ExelaStealer a favorite weapon of hackers.

Written in Python programming language and incorporating JavaScript support, ExelaStealer is capable of stealing passwords, credit cards, Discord tokens, cookies and data, keystrokes, screenshots, and clipboard contents.

The distinct danger of the ExelaStealer malware lies in its low cost of entry, making it the perfect hacking tool for some novice hackers, lowering the minimum cost to carry out malicious cyberattack campaigns.

The ExelaStealer malware steals data from organizations and individuals, which can be used for espionage or ransom purposes.

There is evidence that the ExelaStealer malware is being distributed via a fake executable file disguised as a PDF document. Executing the binary displays a document that attracts users' attention, while stealthily activating the information-stealing software that operates in the background.

ExelaStealer is being openly offered for sale on cybercrime forums, as well as a dedicated Telegram channel, set up by an operator who goes by the online alias Quicaxd. The paid version costs $20/month, $45/3 months, or $120 for a lifetime license.

“The B2B sector remains attractive to cybercriminals, with attackers seeking to exploit its resources for financial gain,” said Russian cybersecurity firm Kaspersky, noting that most of the attacks targeted organizations in Russia, Vietnam, Brazil, Saudi Arabia, Romania, the United States, India, Morocco and Greece.