HEXON STEALER: THE LONG JOURNEY OF COPYING, HIDING, AND REBRANDING
Nov. 25, 2024, 11:27 a.m.
Description
Hexon Stealer, a malware capable of extracting sensitive information from browsers, has emerged as a rebranded version of Stealit Stealer. It utilizes the Electron framework and NSIS installer format to target browser cookies, credentials, and crypto-wallets. The malware grants full remote access to compromised systems, allowing attackers to monitor screens, control inputs, and engage in ransom negotiations. Hexon Stealer's key capabilities include Discord injection, game account access, cryptocurrency theft, and various remote control features. The developer, likely Turkish, promotes the stealer through Telegram and Signal channels, offering subscription plans. The malware's code is heavily obfuscated to evade detection, and it employs sophisticated techniques to exfiltrate stolen data.
Date
Published: Nov. 23, 2024, 2:03 p.m.
Created: Nov. 23, 2024, 2:03 p.m.
Modified: Nov. 25, 2024, 11:27 a.m.
Attack Patterns
Fewer Stealer
Stealit Stealer
Hexon Stealer
T1574.002
T1018
T1547.001
T1012
T1497
T1005
T1573
T1082
T1057
T1071
T1047
T1055
T1036
T1003
T1059