Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

123 Stealer is coming! $120 a month subscription to steal any confidential data

Redazione RHC : 7 July 2025 07:53

A new infostealer emerges from the criminal underground and its name is “123 | Stealer”. The author of this software is a hacker who hides under the pseudonym koneko. He offers the malware for rent for $120 per month, presenting it as a universal tool for stealing confidential information.

The program is designed with a focus on performance and mobility. According to the author, “123 | Stealer” is written in C++, does not require additional libraries, and is approximately 700 kilobytes in size. The malware is distributed as a compact standalone executable file, which makes it difficult for antiviruses to detect it.

However, using this tool presents some technical challenges. To work, the attacker must set up their own Ubuntu or Debian-based proxy server. This requirement not only increases the level of stealth and makes it more difficult to trace command and control traffic, but also requires the user to have basic technical skills.

The features of “123 | Stealer” include stealing data from popular browsers like Chrome and Firefox. The malware is capable of extracting passwords, cookies and saved browsing history. Of particular interest is the function aimed at stealing cryptocurrency wallets, which highlights the relevance of such attacks in the context of the growing interest in digital assets.

In addition, the program can intercept files and running processes on the infected device, as well as interact with browser extensions. The control panel supports over 70 extensions for Chromium and Gecko-based browsers, including instant messengers and other popular platforms.

Below is what the developers reported in the Russian-language XSS underground forum.

123 Stealer collects browser data, cookies, passwords, file grabber, process grabber, chrome browser extensions, cryptocurrency wallet collection, and mostly default stuff like everyone else.
You need your own server on ubuntu or debian, to install proxy is mandatory!
License for one month 120$, only for one month and not more.

For detections and force majeure liability is not responsible. (and what did you want for such a sum?) cryptuite damn)

The build is written in c++, does not load additional dlls, weight about 700kb, x64
Everything is stored on our servers.

Rules
It is strictly forbidden to work in Russia, CIS countries and former USSR republics. Violation of this rule will lead to immediate blocking of the account without explanation.
We are not responsible for your logs and force majeure. Due to the limited space on the server, we are forced to clean it periodically. We recommend that you save the most important logs yourself.

The emergence of “123 | Stealer” is yet another confirmation of the active development of the malware market based on the “malware as a service” (MaaS) model. Within the framework of this scheme, the authors provide access to cyber espionage and information theft tools for a monthly fee. Already known tools such as RedLine and LummaC2 are distributed in a similar way.

The basis of such programs is the collection of confidential data, which is then sold or used to hack accounts, commit fraud and other attacks. However, the capabilities of “123 | Stealer” remain uncertain: in the underground community, only tools that have proven their effectiveness in practice and earned the trust of cybercriminals are in high demand.

Cybersecurity experts emphasize that the spread of such programs lowers the threshold for entry into the cybercriminal environment. Even users with minimal technical knowledge can launch attacks that use advanced information-stealing methods.

If the claims of “123 | Stealer” are true, its modular architecture and support for multiple platforms could indeed pose a serious threat to both individuals and organizations. It is still too early to assess the full impact of the new malware, but businesses and individuals are already advised to be extremely vigilant, update their security measures, and constantly monitor for signs of data leakage.
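As a defensive illustration of the browser data theft described above, the following added example (not from the article or any vendor) flags non-browser processes that open several Chromium or Gecko credential stores. The event field names, the browser allowlist and the sample records are assumptions constructed for the example; the article provides no indicators for “123 | Stealer”, so none are used.

```python
import ntpath
from collections import defaultdict

# On-disk names of Chromium and Gecko credential stores inside a user profile.
STORES = {"login data": "chromium-passwords", "cookies": "chromium-cookies",
          "local state": "chromium-key", "logins.json": "gecko-passwords",
          "key4.db": "gecko-key", "cookies.sqlite": "gecko-cookies"}

# Assumption: full image paths allowed to open these files; adapt per estate.
BROWSER_IMAGES = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files\mozilla firefox\firefox.exe",
}

def find_stealer_like_access(events, min_stores=2):
    """Map (host, pid, image) -> sorted store labels for non-browser processes
    that opened at least `min_stores` distinct browser credential stores."""
    hits = defaultdict(set)
    for ev in events:
        if ev["image"].lower() in BROWSER_IMAGES:
            continue  # full-path match, so a renamed binary elsewhere is not exempt
        target = ev["target"].lower()
        label = STORES.get(ntpath.basename(target))
        if label and "\\appdata\\" in target:
            hits[(ev["host"], ev["pid"], ev["image"])].add(label)
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_stores}

# Constructed sample file-open telemetry (hypothetical hosts, PIDs and paths).
CHROME_DIR = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data"
FIREFOX_DIR = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd34.default-release"
TEMP_EXE = r"C:\Users\alice\AppData\Local\Temp\build.exe"
FAKE_CHROME = r"C:\Users\alice\Downloads\chrome.exe"
SAMPLE_EVENTS = [
    {"host": "ws-01", "pid": 1200, "target": CHROME_DIR + r"\Default\Login Data",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"host": "ws-01", "pid": 4412, "image": TEMP_EXE, "target": CHROME_DIR + r"\Default\Login Data"},
    {"host": "ws-01", "pid": 4412, "image": TEMP_EXE, "target": CHROME_DIR + r"\Default\Network\Cookies"},
    {"host": "ws-01", "pid": 4412, "image": TEMP_EXE, "target": FIREFOX_DIR + r"\logins.json"},
    {"host": "ws-01", "pid": 5120, "image": FAKE_CHROME, "target": CHROME_DIR + r"\Local State"},
    {"host": "ws-01", "pid": 5120, "image": FAKE_CHROME, "target": CHROME_DIR + r"\Default\Login Data"},
    {"host": "ws-02", "pid": 880, "image": r"C:\Program Files\BackupTool\backup.exe",
     "target": r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\zz99.default\cookies.sqlite"},
]

if __name__ == "__main__":
    for (host, pid, image), stores in find_stealer_like_access(SAMPLE_EVENTS).items():
        print(f"{host} pid={pid} {image}: {', '.join(stores)}")
```

The single-store backup process stays below the threshold, while the binary named chrome.exe in a Downloads folder is still reported because the allowlist matches full paths rather than file names.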

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
