WeSteal Infostealer Sold Online by Inexperienced Malware Developers

How Identity Thieves Steal Information

Public and private hacking forums are the favorite spot of both novice and experienced cybercriminals. Newbies over there can often spend around $50-$100 to get their hands on a personalized piece of malware, which they can use for a couple of months or even permanently. This post goes over a recent ad, which concerns this exact type of malware. The threat, dubbed the WeSteal Infostealer, is being promoted on multiple hacking boards by its creators. They advertise it as a one-of-a-kind stealer, which prioritizes targeting cryptocurrency wallets – not a surprise considering the rapid increase of cryptocurrency value over the past few months.

Sleek Marketing Campaign for Low-quality Commodity Malware

The developers of the WeSteal Infostealer appear to be trying to build a brand, and they have even set up an official website to sell their tools – WeSupply. Cybersecurity experts believe that WeSteal might be a rebranded or slightly modified variant of the WeSupply Crypto Stealer that the same gang released in 2020. According to WeSupply's advertisement, the WeSteal Infostealer is able to bypass antivirus software and make use of zero-day exploits to compromised machines – thankfully, these statements are false, and you can rest assured that an updated antivirus tool will keep you safe from this stealer's attack.

WeSteal Infostealer's price is set to €20/month, €50/3 months, and €125 for a year. The developers say that their malware is customer-friendly since the buyer will not need to worry about setting up a control serve. They can manage the WeSteal Infostealer through a Web-based panel. Despite being labeled as an infostealer, that's not WeSteal's true purpose. What it does is to monitor the clipboard of the victim for cryptocurrency addresses used by Bitcoin, Monero, Litecoin, Ethereum, and Bitcoin Cash. If such a string is copied by the victim, the malware will replace it with a wallet owned by the attacker. This attack is known as cryptojacking, and the malware that executes it is typically referred to as a clipper.

The authors of the WeSteal Infostealer have focused solely on marketing their poor attempt at creating an infostealer. It seems that they are preying on inexperienced cybercriminals who will immediately pay the subscription fee, because of the great features they are promised. Thankfully, WeSteal is far from good as it only possesses one barely functional feature. Still, malware attacks of this sort should never be underestimated, and you should keep your system protected by an antivirus application.

April 30, 2021

Leave a Reply