
‘SolyxImmortal’ Information Stealer Emerges


A newly identified information stealer relies on legitimate APIs and third-party libraries for evasive, persistent data harvesting and exfiltration, cybersecurity company Cyfirma reports.

Dubbed SolyxImmortal, the malware is written in Python and includes broad data theft and user surveillance capabilities, such as credential and document harvesting, a keylogger, and screen monitoring.

According to Cyfirma, SolyxImmortal is a monolithic Python application targeting Windows systems that can launch concurrent surveillance and data collection threads.

The malware runs silently in the background, does not have self-propagation capabilities, and focuses on continuous monitoring and alerting for authentication and other high-value user actions.

SolyxImmortal features a central controller that establishes persistence, collection, and surveillance, with all the malicious behavior hardcoded.

Command-and-control (C&C) parameters are also hardcoded. The infostealer uses two Discord webhooks, one for structured data exfiltration and another for sending screenshots, and relies on the service’s HTTPS security and reputation to evade network-based ...
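A defender-side sketch of hunting for the webhook pattern described above, added here as an example and not taken from Cyfirma's report or the original article. It assumes URL-level visibility (a TLS-inspecting proxy or EDR network telemetry); the log format, host and process names, the allow-list and the tokens are all constructed for illustration.

```python
import re
from collections import defaultdict

# Discord webhook endpoints have the form /api/webhooks/<numeric id>/<token>.
WEBHOOK_RE = re.compile(
    r"^https://(?:(?:canary|ptb)\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/(\d+)/",
    re.IGNORECASE,
)
# Assumption: processes legitimately allowed to post to webhooks in this environment.
ALLOWED_PROCESSES = {"ci-notifier.exe"}

# Constructed sample records: host process method url content_type bytes_out
SAMPLE_LOG = """\
ws-014 pythonw.exe POST https://discord.com/api/webhooks/111111111111111111/TOKEN_PLACEHOLDER_A application/json 1840
ws-014 pythonw.exe POST https://discord.com/api/webhooks/222222222222222222/TOKEN_PLACEHOLDER_B multipart/form-data 412233
ws-014 chrome.exe GET https://discord.com/channels/@me - 0
build-02 ci-notifier.exe POST https://discord.com/api/webhooks/333333333333333333/TOKEN_PLACEHOLDER_C application/json 310
ws-022 updater.exe POST https://discordapp.com/api/v10/webhooks/444444444444444444/TOKEN_PLACEHOLDER_D application/json 950
malformed line
"""

def parse_line(line):
    """Return a record dict, or None for lines that do not match the assumed format."""
    parts = line.split()
    if len(parts) != 6 or not parts[5].isdigit():
        return None
    host, proc, method, url, ctype, size = parts
    return {"host": host, "process": proc.lower(), "method": method.upper(),
            "url": url, "ctype": ctype.lower(), "bytes": int(size)}

def find_webhook_exfil(log_text, allowed=ALLOWED_PROCESSES):
    """Group webhook POSTs from non-allow-listed processes by (host, process)."""
    seen = defaultdict(lambda: {"ids": set(), "upload": False, "bytes": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        m = WEBHOOK_RE.match(rec["url"])
        if not m or rec["process"] in allowed:
            continue
        entry = seen[(rec["host"], rec["process"])]
        entry["ids"].add(m.group(1))
        entry["upload"] |= rec["ctype"].startswith("multipart/form-data")
        entry["bytes"] += rec["bytes"]
    findings = []
    for (host, proc), e in sorted(seen.items()):
        # Two webhooks, one carrying file uploads, matches the data/screenshot split.
        severity = "high" if len(e["ids"]) >= 2 and e["upload"] else "medium"
        findings.append({"host": host, "process": proc, "webhooks": len(e["ids"]),
                         "bytes_out": e["bytes"], "severity": severity})
    return findings
```

Calling `find_webhook_exfil(SAMPLE_LOG)` returns one finding per host and process pair, with the severity raised when a single process posts to two webhooks and one of them receives file uploads.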


Copyright of this story solely belongs to SecurityWeek.