
HEXON STEALER: THE LONG JOURNEY OF COPYING, HIDING, AND REBRANDING

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Hexon Stealer, a malware capable of extracting sensitive information from browsers, has emerged as a rebranded version of Stealit Stealer. It utilizes the Electron framework and NSIS installer format to target browser cookies, credentials, and crypto-wallets. The malware grants full remote access to compromised systems, allowing attackers to monitor screens, control inputs, and engage in ransom negotiations. Hexon Stealer's key capabilities include Discord injection, game account access, cryptocurrency theft, and various remote control features. The developer, likely Turkish, promotes the stealer through Telegram and Signal channels, offering subscription plans. The malware's code is heavily obfuscated to evade detection, and it employs sophisticated techniques to exfiltrate stolen data.

OPENCTI LABELS:

obfuscation, remote access, cryptocurrency theft, nsis installer, fewer stealer, browser data theft, hexon stealer, electron framework, stealit stealer, turkish developer, discord stealer



