
Xenon Stealer

Posted: December 4, 2020

A Russian malware developer appears to be advertising a new infostealer on hacking forums. The threat, dubbed Xenon Stealer, can be purchased for as little as $80, making it one of the more affordable malware-as-a-service projects available online. Unfortunately, this is likely to attract the interest of many cybercriminals, who may end up propagating the Xenon Stealer worldwide.

One of Xenon Stealer's distinctive properties is that it needs no Web-based control panel, either for control or for exfiltrating information. The author has integrated both functions into a Telegram bot instead. Even if the buyer's Telegram bot gets banned, they can register a new one to use.
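
Because control and exfiltration go through a Telegram bot, outbound traffic to the Bot API endpoint (api.telegram.org) from an unapproved process is a useful hunting signal. The following is an added defensive example, not code from the original page or from the malware; the log format, host and process names, allowlist and byte threshold are constructed assumptions.

```python
from collections import defaultdict

BOT_API_HOST = "api.telegram.org"          # Telegram Bot API endpoint
ALLOWED = {("mon-01", "alertbot.exe")}     # hypothetical approved integration
UPLOAD_BYTES = 1_000_000                   # assumed threshold for bulk upload

# Constructed egress records: timestamp host process destination bytes_sent
SAMPLE_LOG = """\
2020-12-04T10:00:01 WS-014 chrome.exe www.example.com 1840
2020-12-04T10:00:09 MON-01 alertbot.exe api.telegram.org 412
2020-12-04T10:02:13 WS-022 svc_update.exe api.telegram.org 734
2020-12-04T10:02:15 WS-022 svc_update.exe api.telegram.org 2481190
2020-12-04T10:05:40 WS-031 PowerShell.exe API.Telegram.org. 5120
2020-12-04T10:06:02 WS-031 truncated record
"""

def parse(line):
    """Return a normalised record, or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    ts, host, proc, dest, sent = parts
    # Lower-case and drop a trailing dot so "API.Telegram.org." still matches.
    return ts, host.lower(), proc.lower(), dest.lower().rstrip("."), int(sent)

def find_bot_api_egress(log_text):
    """Group unapproved Bot API traffic by (host, process)."""
    hits = defaultdict(lambda: {"requests": 0, "bytes": 0, "first_seen": None})
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, host, proc, dest, sent = rec
        if dest != BOT_API_HOST or (host, proc) in ALLOWED:
            continue
        entry = hits[(host, proc)]
        entry["requests"] += 1
        entry["bytes"] += sent
        entry["first_seen"] = entry["first_seen"] or ts
    return [
        {"host": host, "process": proc, **entry,
         "severity": "high" if entry["bytes"] >= UPLOAD_BYTES else "review"}
        for (host, proc), entry in sorted(hits.items())
    ]

if __name__ == "__main__":
    for finding in find_bot_api_egress(SAMPLE_LOG):
        print(finding)
```

Since a banned bot can simply be re-registered, matching on the destination and the calling process holds up better than blocking any individual bot.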

Having your system infiltrated by the Xenon Stealer can be very threatening because of its ability to collect multiple types of sensitive information from the infected system:

  • Collecting passwords, credentials, credit cards, and other information from Microsoft Edge, as well as most browsers based on the Chromium (Google Chrome) or Gecko (Mozilla Firefox) platforms.
  • Collecting hardware, software, and network information about the infected host.
  • Collecting Discord and Telegram sessions.
  • Collecting files using a particular name or extension.
  • Collecting data from FTP clients like Total Commander, FileZilla, WinSCP, and others.
  • Collecting data from messaging clients like Pidgin and Psi.
  • Targeting VPN services such as NordVPN, ProtonVPN, OpenVPN, and others.
  • Taking screenshots of the desktop or specific windows.
  • Hijacking cryptocurrency wallets.

Threats like the Xenon Stealer are a major issue because anyone with a few dollars to spare can start using them immediately. This increases the reach of such threats drastically, especially considering that the cybercriminals using them might employ all kinds of malware propagation tricks and channels. The best thing to do to stay safe is to protect your network with an up-to-date anti-malware software suite.
