ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges

Cyber Security Threat Summary:
In a report from Fortinet, they detail a new information-stealing malware named ExelaStealer that has recently emerged in the cybersecurity landscape. ExelaStealer is described as a low-cost, mostly open-source infostealer with the option for paid customizations. This affordability and openness make it accessible to a wide range of cybercriminals, from novices to more seasoned threat actors. The malware is predominantly coded in Python and offers support for JavaScript. It possesses the capability to exfiltrate a variety of sensitive data, including passwords, Discord tokens, credit card information, cookies, session data, keystrokes, screenshots, and clipboard content.

Security Officer Comments:
ExelaStealer is distributed through cybercrime forums and a dedicated Telegram channel, with pricing options of $20 per month, $45 for three months, or $120 for a lifetime license. The malware is known to employ deceptive tactics, such as disguising itself as a PDF document, for its initial delivery. It targets data that can be exploited for purposes like blackmail, espionage, or ransom. The report from Fortinet sheds light on the evolving and accessible nature of information-stealing malware and the ongoing challenges in cybersecurity.

Suggested Correction(s):
Companies should keep a vigilant eye on evolving threats, especially malware like infostealers, to safeguard their sensitive data and digital assets. The rapid emergence of new variants, such as ExelaStealer, underscores the necessity for proactive cybersecurity measures.