Info Stealing

Windows

Credential Stealer

Easy Stealer

Easy Stealer is a new info stealer written in Golang that has been sold on underground forums since July 2023. It targets cryptocurrency wallets and browser-stored credentials, putting personal and financial information at risk.

Key Insights

Easy Stealer appeared on the Russian underground forum XSS.is in July 2023, advertised as a cheap and user-friendly tool. It has a custom file grabber and a dynamic loader, and its control panel is hosted on the buyer’s infrastructure.

Technical Details

The malware extracts data from Chromium-based browsers, including saved passwords, cookies, autofill history, and credit card details. It also targets over 50 cryptocurrency wallets and runs in memory, supporting PE and DLL formats for flexibility. Its Golang architecture makes it cross-platform and efficient.
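A defender-side illustration of the browser data theft described above, added here as an example and not taken from the original page or any vendor tooling: it flags non-browser processes that open several Chromium credential stores. The event field names, the browser allowlist and the sample events are constructed assumptions.

```python
import ntpath

# Chromium profile files holding the data types named above: "Login Data"
# (saved passwords), "Cookies", "Web Data" (autofill, payment cards) and
# "Local State" (holds the wrapped encryption key for those values).
SENSITIVE_FILES = {"login data", "cookies", "web data", "local state"}
PROFILE_MARKER = "\\user data\\"  # folder shared by Chromium-based profiles
# Assumption: processes expected to read these files in this environment.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}


def is_suspicious(event):
    """True when a non-browser process touches a Chromium credential store."""
    target = event["target"].lower()
    image = ntpath.basename(event["image"]).lower()
    return (
        PROFILE_MARKER in target
        and ntpath.basename(target) in SENSITIVE_FILES
        and image not in BROWSER_IMAGES
    )


def find_stealer_candidates(events, min_files=2):
    """Group hits per process; report those reading several distinct stores."""
    hits = {}
    for ev in events:
        if is_suspicious(ev):
            key = (ev["pid"], ev["image"])
            hits.setdefault(key, set()).add(ntpath.basename(ev["target"]))
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_files}


# Constructed sample file-access events (hypothetical schema, not real telemetry).
BASE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data"
UNKNOWN = r"C:\Users\alice\AppData\Local\Temp\update.exe"
SAMPLE_EVENTS = [
    {"pid": 4120, "target": BASE + r"\Default\Login Data",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"pid": 7788, "image": UNKNOWN, "target": BASE + r"\Local State"},
    {"pid": 7788, "image": UNKNOWN, "target": BASE + r"\Default\Login Data"},
    {"pid": 7788, "image": UNKNOWN, "target": BASE + r"\Default\Network\Cookies"},
    {"pid": 9001, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\alice\Documents\Cookies"},
]

if __name__ == "__main__":
    for (pid, image), files in find_stealer_candidates(SAMPLE_EVENTS).items():
        print(pid, image, files)
```

Matching on the image file name alone is a weak allowlist; in production, pair it with the full path and code-signing status of the process.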

Impact

With its ease of use, affordable price, and active development, Easy Stealer will be used by many cybercriminals. Its ability to add new features will make it a threat to individuals and organizations.

Known Variants

No variants of Easy Stealer have been found yet. However, since it is still being developed, new versions with more features will come.

Mitigation Strategies

  • Keep the OS and applications updated.

  • Use trusted antivirus (AV) and anti-malware (AM) software.

  • Don’t download software from untrusted sources.

  • Enable two-factor authentication (2FA).

Targeted Industries or Sectors

Easy Stealer doesn’t target any specific industries or sectors. It can be used against any user of a Chromium-based browser or a cryptocurrency wallet, so it is a broad threat.

Associated Threat Actors

No threat actors are linked to Easy Stealer. It is sold on underground forums, so it is available to many cybercriminals.
