New “123 | Stealer” Malware Rented on Dark Web for $120/Month

A new credential-stealing malware, dubbed “123 | Stealer,” has surfaced on underground cybercrime forums, with the threat actor known as #koneko offering the tool for rent at $120 per month.

The malware, which is being marketed as a powerful and flexible information stealer, is drawing attention for its claimed features and competitive pricing, though its effectiveness remains unverified by the broader cybercriminal community.

Key Features and Technical Details

According to advertisements posted by #koneko, “123 | Stealer” is:

• Written in C++: Suggesting a focus on performance and portability.
• DLL-Free Stub (~700KB): The malware is distributed as a compact, standalone executable, which may help it evade some detection mechanisms.
• Proxy Server Requirement: Operators must set up a proxy server compatible with Ubuntu or Debian, indicating a level of operational complexity and a possible attempt to obscure command-and-control (C2) traffic.
• Comprehensive Data Theft Capabilities:
  • Browser Data: Extracts cookies, saved passwords, and browsing history.
  • Crypto ...