Chris Swagler | May 24th, 2023

The information-stealing malware market is constantly evolving, with numerous malware operations competing for cybercriminal clients by promoting better evasion and a greater ability to steal victims’ data. Information stealers are specialized malware that steals account passwords, cookies, credit card details, and crypto wallet data from infected systems. The data is collected into archives known as “logs” and uploaded back to the threat actors. The stolen data logs are either used to fuel future attacks or sold on marketplaces for prices ranging from $1 to $150, depending on the victims. A cybersecurity intelligence company has published a study detailing the development of variants and malware-as-a-service (MaaS) operations in the first quarter of 2023, which increase the risk for companies and individuals. The company focused on new info stealers, including Titan, LummaC2, and WhiteSnake, that emerged from the cybercrime underground and have already gained popularity among threat actors.

Even though older strains, including RedLine, Raccoon, and Vidar, continue to be prevalent and newer families, including Aurora, Mars, and Meta, are constantly expanding, new malware families are attempting to make a name for themselves. The following four information-stealing operations have launched in the last year.

Titan – It originally appeared on Russian-language threat operator forums in November 2022, marketed as a Go-based info-stealer targeting data stored in 20 web browsers. It has approximately 600 users on its Telegram channel. The authors released version 1.5 on March 1, 2023, and advertised an imminent new version on April 14, indicating that it’s a very active project. Titan costs $120/month for novices, $140/month for expert users, and $999/month for teams.

LummaC2 – This malware is designed to target over 70 browsers, cryptocurrency wallets, and two-factor authentication extensions. The project was relaunched on Telegram in January 2023, and it’s being offered for purchase through the “Russian Market.” LummaC2 costs $250 to $1000 per month, depending on the features chosen, and the malware enjoys an excellent reputation in the cybercrime underground. Additionally, LummaC2 has a reseller program that gives 20% commission to agents for new subscriptions they bring on the platform.

Stealc – This malware, first identified in February 2023, is a lightweight stealer with automated exfiltration that targets over 22 online browsers, 75 plugins, and 25 desktop wallets. It’s sold for $200/month and is growing in popularity. It was previously spotted being distributed through YouTube videos promoting tainted cracked software.

WhiteSnake – The strain was initially advertised on threat operator forums as an email, Telegram, Steam, and cryptocurrency wallet stealer. It supports Windows and Linux systems, which is unusual in this field. WhiteSnake has approximately 750 Telegram subscribers and sells for $140/month or $1,950 for lifetime access.

The cybersecurity company’s report notes a new product type called “Clouds of Logs,” which sells subscriptions to access private cloud-hosted log collections built by threat actors disseminating info-stealer malware. Clouds of logs are a more private and safer alternative to automated log markets, designed to provide an easier way for data sellers to monetize their activities without intermediaries being involved. The arrival of new, low-priced info-stealers lowers the barrier to entry for cybercriminals, particularly in the case of Titan, which sells for only $120 per month. The cybersecurity company expects the Malware-as-a-Service market to remain popular and the use of info-stealers to remain substantial.

With malware operations emerging with new tactics and techniques, including info-stealing malware, it’s essential for companies to remain vigilant about the current threat landscape and regularly update their network security software. At SpearTip, we offer partners our pre-breach advisory services, which allow our engineers to examine companies’ security postures to improve the weak points in their networks. Our team engages with the companies’ people, processes, and technology to measure the maturity of the technical environments. Our experts provide companies with technical roadmaps for any vulnerability uncovered, ensuring they have the awareness and support to optimize their overall cybersecurity posture. SpearTip offers cutting-edge technology and experienced personnel dedicated to protecting you from malicious activity 24/7/365. Our Security Operations Center (SOC) team continuously monitors partner networks to quickly identify, neutralize, and counter any irregular activity before it becomes a devastating event. We work with your security teams to ensure the most robust security and protection of companies’ business-critical data. Identifying technical vulnerabilities inside and outside companies provides a deeper context to potential environmental gaps.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.
