In 2023, the InfoStealer market is a reasonably crowded affair. The likes of RedLine, Raccoon, and Vidar own a significant market share, with new entrants such as SaphireStealer appearing frequently. The latest entry, ExelaStealer has now taken the field. Very little backstory is available on ExelaStealer, with the earliest public mentions FortiGuard Labs could locate occurring in August 2023.
FortiGuard Labs research reveals that ExelaStealer is a largely open-source InfoStealer with paid customizations available from the threat actor. It is written in Python, although it pulls resources from other languages (e.g., JavaScript) where needed. It can steal sensitive information from a Windows-based host (e.g., passwords, credit cards, cookies and session data, and general keylogging). FortiGuard Labs was able to obtain a sample. This blog will analyze its inner workings.
Read more…
Source: FortiGuard Labs