XehookStealer is a .NET information-stealing malware for Windows systems. It targets Chromium- and Gecko-based browsers and supports the theft of data from over 110 cryptocurrency wallets and 2FA browser extensions.
XehookStealer evolved from Agniane Stealer and the Cinoshi project. This lineage suggests a transition from a Malware-as-a-Service (MaaS) offering to more complex tools such as XehookStealer.
Distribution Methods
XehookStealer is distributed via SmokeLoader binaries. SmokeLoader is a downloader that installs XehookStealer on compromised systems.
Command-and-Control Infrastructure
XehookStealer uses C2 servers to control infected systems. Researchers have identified multiple C2 servers, some of which overlap with those used by Agniane Stealer, suggesting shared infrastructure or a common author.
Implement endpoint protection solutions to detect and block malware execution.
Educate users about the risks of downloading and executing files from untrusted sources.
Monitor network traffic for unusual activity, such as unauthorized connections to external servers.
Keep software and security solutions updated so they carry the latest threat definitions and protection mechanisms.