
IXWare

Posted: October 20, 2020

IXWare is a piece of malware that its authors sell on online forums devoted to hacking multiplayer games such as Roblox. Roblox is IXWare's main target, but the malware does more than hijack Roblox players' authentication tokens: it also works as a cookie collector and as an information stealer that specializes in grabbing the databases used by Chromium-based Web browsers. The Malware-as-a-Service (MaaS) model that IXWare's creators use is especially threatening because it lets anyone use the malware as long as they pay a $10 rental fee for one month or $25 for three months. Their 'customers' do not need to set anything up; IXWare uses a Web-based admin panel hosted by its authors, which is used to exfiltrate stolen data and generate payloads.

Low-Quality IXWare Infostealer Targets Browsers and the Roblox Game

When IXWare infects a system, it gains persistence by making a small change to the Windows Registry or by setting up a new scheduled task. According to its creators, it can evade the 'Virtual Machine' environments used for malware analysis, as well as anti-virus tools. However, those claims are false, and most of IXWare's code appears to have been copied from open-source malware projects.

IXWare checks the permission level of the victim's Windows account. If the account is an 'Administrator,' the malware may try to disable Windows Defender and mark its own process as a critical system process. Doing so ensures that the victim will encounter a Blue Screen of Death (BSOD) if they try to end IXWare's process.

As mentioned earlier, IXWare focuses on collecting browser and application passwords. Its primary targets are Google Chrome and other Chromium-based Web browsers: it tries to grab the entire SQLite database in which Chromium browsers store the user's information. The cookie collector focuses on the game 'Roblox'. It checks for the presence of the Windows process 'RobloxPlayerBeta' and then uses a series of 'Command Prompt' queries to grab the authentication token.
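The behaviours described above (Run-key or scheduled-task persistence, Defender tampering, reads of Chromium's credential and cookie databases, probing for the Roblox client) are noisy enough to correlate on an endpoint. The following triage script is an added example, not code from the article or from IXWare; the Sysmon-style event layout, the process IDs and the sample command lines and paths are constructed assumptions for illustration.

```python
"""Score constructed Sysmon-style events for IXWare-like behaviour.
Added example; event fields and sample values are assumptions, not
captured IXWare telemetry."""
import re
from collections import defaultdict

# Each rule: (category, regex tested against the event's target string).
RULES = [
    ("persistence", re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("persistence", re.compile(r"schtasks(\.exe)?\s.*?/create", re.I)),
    ("defender_tamper", re.compile(r"Set-MpPreference.*DisableRealtimeMonitoring", re.I)),
    ("browser_db", re.compile(r"\\User Data\\.*\\(Login Data|Cookies)$", re.I)),
    ("roblox_probe", re.compile(r"RobloxPlayerBeta", re.I)),
]

# Constructed sample events; "target" is the command line, registry path
# or file path depending on the event type.
SAMPLE_EVENTS = [
    {"pid": 4120, "type": "registry", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"pid": 4120, "type": "process", "target": r"powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"pid": 4120, "type": "file", "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "type": "process", "target": r'tasklist /FI "IMAGENAME eq RobloxPlayerBeta.exe"'},
    # Benign noise: the browser reading its own cookie store, an admin creating a backup task.
    {"pid": 9001, "type": "file", "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
    {"pid": 7788, "type": "process", "target": r"schtasks.exe /create /tn Backup /tr backup.exe"},
]

def categorize(event):
    """Return the set of rule categories the event's target matches."""
    return {cat for cat, rx in RULES if rx.search(event["target"])}

def score_events(events, threshold=2):
    """Group matches per pid; flag pids hitting >= threshold distinct categories.
    A single category (e.g. one scheduled task) is normal admin activity;
    several together in one process is the infostealer pattern."""
    hits = defaultdict(set)
    for ev in events:
        hits[ev["pid"]] |= categorize(ev)
    return {pid: sorted(cats) for pid, cats in hits.items() if len(cats) >= threshold}

if __name__ == "__main__":
    for pid, cats in score_events(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {', '.join(cats)}")
```

Only pid 4120 crosses the threshold; the browser and the admin task each trigger a single category and are ignored.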

While IXWare's functionality is threatening, there is good news. The malware is assembled from code taken from many open-source infostealers, and its authors have not implemented any advanced evasion measures. This means that IXWare's attack is very noisy and easily preventable with an up-to-date anti-malware application.
