The daring creator of WeSteal, a new cryptocurrency stealer, promises its clients a lucrative path to easy money in 2021. Read on to learn more about it…
WeSteal, a commodity cryptocurrency stealer, is sold openly online, with no attempt by its authors to hide it. Furthermore, the creators of this stealer have introduced new features and aided the spread of another piece of commodity malware known as WeControl RAT.
According to Palo Alto Networks, a cyber-criminal known as ComplexCodes was seen in mid-February selling the latest version, known as WeSteal, on underground forums. Security experts believe the new model is likely an advanced version of WeSupply Crypto Stealer, which has been sold by the same seller since May 2020.
In addition, some forum posts detailing support for zero-day exploits and antivirus bypassing were published.
WeSteal is allegedly being sold by the cyber-criminals on a subscription basis, priced at $24 for one month, $60 for three months, and $150 for a year. Furthermore, rather than letting customers run their own C2, the stealer uses a hosted C2-as-a-service (C2aaS) model.
About WeSteal
WeSteal is a Python-based Trojan (westeal.py) that uses regular expressions to search for strings related to wallet addresses that victims have copied to their clipboard. The script is protected with the open-source PyArmor source code obfuscator.
According to security researchers, the malicious coder is thought to be an Italian VXer who previously developed the “Zodiac Crypto Stealer” and the “Spartan Crypter”, which obfuscates malware to avoid detection by antivirus software.
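A defender-side illustration of the clipboard matching described above, as an added example that is not from the article or from Palo Alto Networks: it classifies clipboard strings by address shape and flags a paste whose address differs from the one just copied. The regex patterns, the event format and the sample values are constructed for this example, as is the premise that a stealer of this kind acts on a match by substituting a different address.

```python
import re

# Approximate address shapes for the five coins the article lists.
# Format checks only (no checksum validation); the patterns are this example's assumption.
B58 = "[1-9A-HJ-NP-Za-km-z]"   # base58 alphabet
B32 = "[02-9ac-hj-np-z]"       # bech32 / CashAddr alphabet
ADDRESS_SHAPES = {
    "bitcoin": re.compile(rf"[13]{B58}{{25,34}}|bc1{B32}{{11,71}}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "litecoin": re.compile(rf"[LM]{B58}{{26,33}}|ltc1{B32}{{11,71}}"),
    "bitcoin_cash": re.compile(rf"(?:bitcoincash:)?[qp]{B32}{{41}}"),
    "monero": re.compile(rf"[48]{B58}{{94}}"),
}

def classify(text):
    """Return the coin whose address shape the whole string matches, else None."""
    candidate = text.strip()
    for coin, shape in ADDRESS_SHAPES.items():
        if shape.fullmatch(candidate):
            return coin
    return None

def normalise(coin, text):
    """Ethereum addresses are case-insensitive; compare the others exactly."""
    text = text.strip()
    return text.lower() if coin == "ethereum" else text

def find_swaps(events):
    """events: ordered (source, text) pairs, source is 'copy' or 'paste'.
    Flag a paste that is an address of the same coin as the last copied
    address but a different string."""
    alerts, last_copy = [], None
    for index, (source, text) in enumerate(events):
        coin = classify(text)
        if source == "copy":
            last_copy = (coin, normalise(coin, text)) if coin else None
        elif source == "paste" and coin and last_copy and coin == last_copy[0]:
            pasted = normalise(coin, text)
            if pasted != last_copy[1]:
                alerts.append({"index": index, "coin": coin,
                               "copied": last_copy[1], "pasted": pasted})
    return alerts

# Constructed sample events: filler strings shaped like addresses, not real wallets.
ETH_A, ETH_B, BTC = "0x" + "ab" * 20, "0x" + "cd" * 20, "bc1q" + "a2" * 19
SAMPLE_EVENTS = [("copy", "invoice 4471"), ("paste", "invoice 4471"),
                 ("copy", ETH_A), ("paste", ETH_B),
                 ("copy", BTC), ("paste", BTC)]
```
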
The post published by Palo Alto Networks reads: “When pursuing cases against malware authors, prosecutors typically need to demonstrate the author’s intent for the malware. Many authors will hide behind meaningless Terms of Service statements that end users must not use the malware for illegitimate purposes. They will often describe potential “legitimate” uses for their malware – only to further describe anti-malware evasion properties, silent installation and operation or features such as cryptocurrency mining, password theft or disabling webcam lights.”
Some Developments
The authors recently added three new cryptocurrencies to the list of targeted cryptocurrencies, namely Litecoin, Bitcoin Cash, and Monero. The stealer previously supported only Bitcoin and Ethereum.
WeSteal was marketed as having a RAT Panel, and during the initial analysis, analysts discovered malware samples that behaved similarly to WeSteal. However, experts noticed that not a single RAT feature was marketed or observed.
Further investigation revealed that the authors were only attempting to sell WeControl RAT, a relatively new piece of malware, while also advertising changes to WeSteal.
“The fast and simple monetization chain and anonymity of cryptocurrency theft, together with the low cost and simplicity of operation, will undoubtedly make this type of crimeware attractive and popular to less-skilled thieves. WeControl is similarly both designed and marketed as a tool for illicit activity, lacking in propriety no less than the earlier WeSteal.” concludes the report.
Concluding Words
The ease with which this crimeware model can be monetized, as well as the anonymity of cryptocurrency theft and the low cost of such operations, will undoubtedly make it appealing and popular among less-skilled criminals. As a result, companies are advised to stay safe by keeping their operating systems and other software and applications up to date.