All things infostealers. Week 45, 2024


A brief look at all things infostealers for week 45, 2024 (04.11.2024–10.11.2024). The week wasn’t rich in infostealer news and updates. I have included only 2 noteworthy articles: one on Roblox developers being targeted with infostealers, and the second one (highly recommended), the public release of ESET’s research on RedLine’s backend.

On the infostealer updates, we have:

  • a new version of Vidar Stealer released (and as a separate note, Vidar is having problems with Telegram and announced that they will set up a Matrix server at some point)
  • Ailurophile announcing a new version to be released
  • Possible comeback of mintStealer

Vidar Update

Note: The update posts are copy-pasted as is (and machine-translated if the post wasn’t available in English)

WOW! 11.5 – Did you expect it?

Our new programmer was able to improve the code enough that it is running smoothly at the current time.

What did we do?

  1. Fixed the collection from Opera
  2. Reduced the number of empty logs
  3. Changed the method of collecting cookies
  4. Decryption of passwords is on the server

Screenshot from XSS forum

Ailurophile Update

The Ailurophile operator made an announcement on Telegram about the upcoming new version of the malware.

Screenshot from the Ailurophile’s Telegram channel

mintStealer Update

The mintStealer operator woke up from a stupor, read about Operation Magnus and decided to bring back the stealer.

Screenshot from the mintStealer’s Telegram channel

Articles/News

Life on a crooked RedLine: Analyzing the infamous infostealer’s backend

  • https://www.welivesecurity.com/en/eset-research/life-crooked-redline-analyzing-infamous-infostealers-backend/

Roblox Developers Targeted with npm Packages Infected with Skuld Infostealer and Blank Grabber

  • https://socket.dev/blog/roblox-developers-targeted-with-npm-packages-infected-with-infostealers