A brief look at all things infostealers for week 50, 2024 (09.12.2024–15.12.2024). This week saw updates for the XFiles, Lumma and mintStealer infostealers. Probably the most interesting thingy to note is that XFiles is planning to release a version targeting macOS systems.
XFiles Update
Note: The update posts are copy-pasted as is (and machine-translated if the post wasn’t available in English)
Update 3.14.0 !
Stab uniqueness increased to ~80%
New browser protection bypass in BETA mode. It will go into release stage in two days.
Added the ability to run the loader only if the victim has certain software installed.
Hidden VNC with convenient control is planned to be released by the end of the month.
MacOS (alpha) is planned to be released by the end of the month.
Personal proxies are planned to be added by the end of the month.
Screenshot from XSS forum
Lumma Update
Note: The update posts are copy-pasted as is (and machine-translated if the post wasn’t available in English)
Update 12.12 !
- Added possibility to make activator without wallets in loader
- Added UltraVNC, TightVNC, RealVNC, TigerVNC to the application search
- Common proxies replaced
- Cleaned WD 10/11 + Cloud
- Fixed a bug where a session would hang when a large amount of logs was being put up for sale
- Fixed a bug where a white screen could appear when allocated logs were put up for sale
Screenshot from XSS forum
mintStealer Update
Note: The update posts are copy-pasted as is (and machine-translated if the post wasn’t available in English)
The version 1.2.0 of mint stealer is OUT, what’s new?
● Advanced runtime bypass
● New keyword-based system that sorts passwords in multiple .txt (games.txt, fastfood.txt, crypto.txt, shopping.txt…)
● Anti-CIS (until now, mint was only blocking Russian PCs. Now it’s all CIS PCs)
● Server hiding system (prevent reversers to get C2 IP & some anti-virus detections)
● Anti-sandboxes for extended FUD (ai algorithm)
● Steal new Roblox launcher
● Gecko (firefox steal) fix
● Files Stealing fix
● Using new gofile API and many other things (would be a too long list)
Screenshot from mintStealer’s Telegram channel
Articles/News
Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials
- https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/