HEXON STEALER: THE LONG JOURNEY OF COPYING, HIDING, AND REBRANDING

Nov. 25, 2024, 11:27 a.m.

Description

Hexon Stealer, a malware capable of extracting sensitive information from browsers, has emerged as a rebranded version of Stealit Stealer. It utilizes the Electron framework and NSIS installer format to target browser cookies, credentials, and crypto-wallets. The malware grants full remote access to compromised systems, allowing attackers to monitor screens, control inputs, and engage in ransom negotiations. Hexon Stealer's key capabilities include Discord injection, game account access, cryptocurrency theft, and various remote control features. The developer, likely Turkish, promotes the stealer through Telegram and Signal channels, offering subscription plans. The malware's code is heavily obfuscated to evade detection, and it employs sophisticated techniques to exfiltrate stolen data.

External References

https://www.cyfirma.com/research/hexon-stealer-the-long-journey-of-copying-hiding-and-rebranding/
https://otx.alienvault.com/pulse/6741e0a7b35a88f3de57dfe0
Tags
obfuscation
remote access
nsis installer
cryptocurrency theft
browser data theft
2024-11-23
hexon stealer
electron framework
stealit stealer
turkish developer
discord stealer
fewer stealer

Date

  • Created: Nov. 23, 2024, 2:03 p.m.
  • Published: Nov. 23, 2024, 2:03 p.m.
  • Modified: Nov. 25, 2024, 11:27 a.m.

Attack Patterns

  • Fewer Stealer
  • Stealit Stealer
  • Hexon Stealer
  • Hexon Stealer