New "123 | Stealer" Advertised on Underground Hacking Forums for $120 Per Month

"123 | Stealer" marketed for $120/month by threat actor "koneko" on underground forums. Steals browser data, passwords, crypto wallets, Discord accounts, and performs file/process grabbing. C++ coded, DLL-free (~700KB), supports 70+ browser extensions, requires self-hosted proxy servers.

This malware-as-a-service (MaaS) offering represents the latest evolution in information stealer technology, combining sophisticated data exfiltration capabilities with a user-friendly administrative interface. The threat actor claims the stealer can also perform process grabbing and file grabbing operations, making it a versatile tool for data theft operations. The administrative panel reveals extensive browser support, including compatibility with over 70 browser extensions.

123 | Stealer is written in C++, a programming language choice that suggests the developers prioritized performance and low-level system access. The malware features a DLL-free stub architecture, weighing approximately 700KB, which makes it more difficult to detect for traditional antivirus solutions that rely on dynamic link library (DLL) injection detection methods.

This pricing strategy targets both novice cybercriminals and experienced threat actors seeking reliable data exfiltration tools. The subscription model ensures recurring revenue for the malware authors while providing continuous updates and support to customers.

This approach allows malware operators to maintain operational security (OPSEC) while distributing the infrastructure burden to customers. The forum advertisement emphasizes that users are responsible for any detection or force majeure events, indicating that the malware authors are attempting to limit their liability.

The professional presentation of the login interface and the comprehensive administrative panel suggest significant development investment, indicating this may be a serious threat rather than a scam operation.

Stealer samples and update detection signatures to protect against this emerging threat.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 04 Jul 2025 08:35:15 +0000

