All things infostealers. Week 42, 2024


A brief look at all things infostealers for week 42, 2024 (14.10.2024–20.10.2024). For week 42 I don’t really have many updates; probably I need to widen my net and look beyond the XSS forum. Anyway, there are only 2 updates from the XFiles Stealer and 2 pieces of news. Oh, I did notice that some stealer devs were complaining about Telegram’s takedowns of their channels: they have created new ones (Lumma, Vidar), and XFiles has set up a Matrix instance.

XFiles Update

Note: The update post is copy-pasted as is from the XSS forum

Update

  • We have updated the stub, now we also collect Mail clients – Outlook (New, Classic, Office 2016 with decryption of the president), Thunderbird.
  • Remote control tools – AnyDesk, Windows RDP (we also decrypt the password from it, if it is present)

Update 3.13.0

  • A small but important update! Google Chrome in version v130 slightly changed the encryption method, so we changed the decryption algorithm. Rebuild IS NOT REQUIRED, only our server part is affected. If you have broken (with hieroglyphs, etc.) cookies due to the new version of Chrome, write to support – we will help you restore these cookies!
  • Now when creating a build config, the config is created with a new version (v5) automatically.
  • Removed lags in the chrome extensions management interface (only for v5).

Articles/News

Tricks and Treats: GHOSTPULSE’s new pixel-level deception

  • https://www.elastic.co/security-labs/tricks-and-treats

Fake Google Meet conference errors push infostealing malware

  • https://www.bleepingcomputer.com/news/security/fake-google-meet-conference-errors-push-infostealing-malware/