All things infostealers. Week 39, 2024


A brief look at all things infostealers for week 39, 2024 (23.09.2024–29.09.2024). Includes an update on Lumar stealer and a few articles that were an interesting read.

All right, all right, this is a very brief overview. Just starting, let’s see if I’ll have any time and patience to keep posting.

Lumar Update. 28 September 2024.

1. Welcome to Lumar! The English language has been added to the panel. You can change the language in “profile->language->English”.
2. Now you can create not only Telegram bots but also FTP bots and set up filtering for them just like for Telegram. FTP bots will connect to your FTP server, and you can create and configure a bot in the “Telegram / FTP Report” tab. Moreover, you can configure file distribution across specified folders on the server, with each bot sending data to its own folder.
3. The log table has been adjusted so that the data now aligns with the table headers.
4. A proxy system has been added to the panel. Now you can view your proxies in the stealer section and also see how much data has passed through them (in logs, in gigabytes), their performance, and other information. You can order a personal proxy from support.
5. The builder has been updated. Now, if personal proxies are available, they will be prioritized in the build configuration, and the build will first attempt to connect through them.
6. Optimized the package preparation process in the build, fixed potential errors, and increased fault tolerance.

Screenshot taken from XSS forum

WhiteSnake update 1.6.3.4. 23 September 2024.

  • Chrome v129: added CVC grabber for cards.
  • Card type/brand/country detection is now local, without APIs.
  • Detect Spotify account automatic action.
  • Added decryption of auth data for OpenVPN-GUI.
  • Added support for database decryption for the new Signal messenger update.
  • Small fix with Outlook recovery.
  • Steam refresh tokens grabber (requires Steam app open on victim).
  • Added more icons to LNK builder and fixed old ones.
  • Added mshta technique for LNK builder (.sct file only).
  • Added OpenVPN-Connect, Rustdesk, Rudesk, Anydesk, RuPost-Desktop, EpicGames data grabber.

Screenshot taken from WhiteSnake’s Telegram channel

Articles/News

Infostealer malware bypasses Chrome’s new cookie-theft defenses

  • https://www.bleepingcomputer.com/news/security/infostealer-malware-bypasses-chromes-new-cookie-theft-defenses/

Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware

  • https://www.proofpoint.com/us/blog/threat-insight/security-brief-actor-uses-compromised-accounts-customized-social-engineering

Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0 (excellent report)

  • https://go.recordedfuture.com/hubfs/reports/mtp-2024-0926.pdf