IXWare is a piece of malware whose authors are selling it via online forums, which aim to hacking different multiplayer games like Roblox. The latter is IXWare's exact target, but the malware has more features than hijacking Roblox players' authentication tokens. It also can work as a cookie collector, as well as an information collector, which specializes in hijacking the databases used by Chromium-based Web browsers. The malware-as-a-Service (MaaS) concept that IXWare's creators use is very threatening as it allows anyone to make use of this malware as long as they agree to pay a $10 rental fee for one month or $25 for three months. Their 'customers' do not need to worry about setting up anything – IXWare uses a Web-based admin panel hosted by its authors, and it can be used to exfiltrate data and create payloads.
Low-Quality IXWare Infostealer Targets Browsers and the Roblox Game
When the IXWare infects a system, it will gain persistence by making a small change to the Windows Registry or setting up a new scheduled task. According to the creators, it has the ability to evade 'Virtual Machine' environments used for malware analysis, as well as anti-virus tools. However, their claims are fake, and most of IXWare's code appears to have been collected from open-source malware projects.
IXWare checks the level of permissions of the victim's Windows account – if it is set to 'Administrator,' then the malware may try to disable the Windows Defender and trick Windows into thinking that its threatening process is a critical one. Doing so ensures that the victim will encounter a Blue Screen of Death (BSOD) if they try to end IXWare's process.
AS mentioned earlier, IXWare focuses on collecting browser and application passwords. Its primary targets are Google Chrome and Chromium-based Web browsers. It tries to grab the entire SQLite database, which Chromium browsers use to store the user's information. The cookie collector focuses on the game called 'Roblox' – it checks for the presence of the Windows process 'RobloxPlayerBeta' and then uses a series of 'Command Prompt' queries to grab the authentication token.
While IXWare's functionality is threatening, there is good news. The malware consists of collected code from many open-source infostealers, and its authors have not implemented any advanced security measures. This means that the IXWare's attack is very noisy and easily preventable with the use of an up-to-date anti-malware application.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to IXWare may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.