Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Echelon Stealer: The Open Source Malware

Pietro Melillo : 31 July 2024 15:47

Echelon Stealer is an infostealer malware that was first discovered in 2018 and is still active. Currently shared as an open-source tool on GitHub, Echelon Stealer offers various advanced features for extracting sensitive data.

Despite being presented as an educational project, its potential for malicious use is significant.

What is an Infostealer?

An infostealer is a type of malware specifically designed to steal sensitive information from infected devices. Such malware can gather a wide range of data, including:

  • Login credentials (username and password)
  • Financial information (credit card numbers, bank accounts)
  • Personal data (addresses, phone numbers)
  • Information stored in browsers (cookies, autofill data)
  • Sensitive files on the device


Infostealers are often distributed through phishing campaigns, malicious email attachments, compromised software downloads, and other social engineering techniques. Once installed, the infostealer collects data and sends it to a server controlled by the attackers, allowing them to exploit this information for various illicit purposes, such as identity theft, financial fraud, and unauthorized access to systems and networks.

Key Features of Echelon Stealer

Data Extraction

Echelon Stealer can extract data from various browsers and applications. Supported browsers include all Chromium-based ones, Edge, and Gecko-based browsers (such as Mozilla Firefox). The extraction features include:

  • Clipboard data
  • Discord and Telegram sessions
  • Outlook emails
  • File grabbing from configured directory paths, including subdirectories
  • FileZilla
  • Total Commander
  • Pidgin
  • Psi and Psi+
  • System screenshots
  • PC information (PCinfo)

VPN and Cryptocurrency Wallets

Echelon Stealer can also gather data from various VPN applications and cryptocurrency wallets, including:

  • NordVPN
  • OpenVPN
  • ProtonVPN
  • Armory
  • Atomic Wallet
  • Bitcoin Core
  • Bytecoin
  • Dash Core
  • Electrum
  • Ethereum
  • Exodus
  • Jaxx
  • Litecoin Core
  • Monero
  • Zcash

Additional Features

In addition to its data collection capabilities, Echelon Stealer includes other functionalities such as:

  • Sending logs to a Telegram bot
  • Automatic self-removal after sending logs
  • Log resubmission protection
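As an added defensive example (not code from the article or from the Echelon project), the following Python scans constructed proxy log lines for the Telegram Bot API call pattern that Telegram-based log exfiltration produces, and reports only the numeric bot id so the secret half of the token never lands in an alert. The log line format and the sample token are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample proxy log lines (assumed format: ts client method url user-agent).
SAMPLE_PROXY_LOG = """\
2024-07-31T10:01:02Z 10.0.0.15 GET https://www.example.com/index.html Mozilla/5.0
2024-07-31T10:01:09Z 10.0.0.15 POST https://api.telegram.org/bot123456789:AAHxyzExampleToken/sendDocument python-requests/2.31
2024-07-31T10:02:11Z 10.0.0.22 GET https://web.telegram.org/ Mozilla/5.0
2024-07-31T10:03:40Z 10.0.0.15 POST https://api.telegram.org/bot123456789:AAHxyzExampleToken/sendMessage python-requests/2.31
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<ua>.*)$")
# Telegram Bot API requests have the shape https://api.telegram.org/bot<id>:<secret>/<method>.
BOT_API_RE = re.compile(r"^https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]+)/(?P<method>\w+)")
# Methods that move files or text off the host; what "sending logs to a Telegram bot" uses.
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}


@dataclass
class Alert:
    ts: str
    client: str
    api_method: str
    bot_id: str  # numeric bot id only; the secret part of the token is dropped


def redact_token(token: str) -> str:
    """Keep the numeric bot id, drop the secret, so alerts can be shared safely."""
    return token.split(":", 1)[0]


def scan_proxy_log(text: str) -> list[Alert]:
    """Return one Alert per request that looks like Bot API exfiltration."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        api = BOT_API_RE.match(m["url"])
        if api and api["method"] in EXFIL_METHODS:
            alerts.append(Alert(m["ts"], m["client"], api["method"], redact_token(api["token"])))
    return alerts


if __name__ == "__main__":
    for alert in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(alert)
```

Ordinary use of web.telegram.org is not flagged; only the Bot API upload and message methods are, which is the pattern to confirm against process and endpoint telemetry before acting.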

Recent Updates

The latest project update includes various bug fixes and has made the project more stable. Now, all extraction methods are organized into different files and folders for greater convenience.

Disclaimer

The creator of Echelon Stealer has clearly stated that the project is written exclusively for educational purposes and assumes no responsibility for the use of the project or any of its code parts. This notice is essential as the misuse of such tools can lead to severe legal and ethical consequences.

Conclusion

Echelon Stealer represents an example of how open-source tools can be used for both legitimate and malicious purposes. It is crucial that such tools are used with awareness and responsibility. The community of developers and security researchers must remain vigilant and collaborative to mitigate the risks associated with these tools and promote the ethical use of technology.

Pietro Melillo
Head of the Dark Lab group. A Computer Engineer specialised in Cyber Security with a deep passion for hacking and technology, currently CISO of WURTH Italia. He was responsible for Cyber Threat Intelligence & Dark Web analysis services at IBM and, as a Ph.D., carries out research and teaching activities on Cyber Threat Intelligence topics at the University of Sannio; he is the author of scientific papers and has developed tools to support cybersecurity activities. Leads the CTI Team "RHC DarkLab".