A new credential-stealing malware dubbed “123 | Stealer” is being offered on underground cybercrime forums, targeting individuals and organizations with a suite of data theft capabilities.
The tool, advertised by the threat actor known as #koneko, is priced at $120 per month, positioning itself among a growing market of subscription-based infostealers.
Alleged Features and Technical Details
According to forum advertisements, “123 | Stealer” is written in C++ and boasts a range of data extraction features.
The malware is designed to steal:
- Browser data (including cookies and saved passwords)
- Cryptocurrency wallets
- Process and file grabs
- Browser extensions
The malware also claims compatibility with major Chromium and Gecko-based browsers, as well as support for over 70 browser extensions and popular platforms such as Discord.
The operator requires buyers to set up a proxy server (compatible with Ubuntu/Debian systems) to facilitate data exfiltration, and the malware is distributed as a DLL-free stub with a file size of approximately 700KB.
The admin panel, as described in the advertisements, provides centralized management for stolen data and supports a wide array of targets, making it attractive for cybercriminals seeking broad credential harvesting capabilities.
Underground Market Dynamics and Verification Status
The emergence of “123 | Stealer” comes amid a highly active underground ecosystem, where stealer logs, malware, and access credentials are routinely traded and discussed.
Forums like LeakBase and DarkForums have become central hubs for such activity, especially following the takedown of major platforms like BreachForums, which has led to a dispersal of threat actors across multiple sites.
Despite its feature set and aggressive marketing, there are currently no public reviews or endorsements from other cybercriminals regarding the effectiveness or reliability of “123 | Stealer.”
As with many new offerings on these forums, claims made by the seller remain unverified until tested by buyers or observed in the wild.
The appearance of “123 | Stealer” highlights the ongoing innovation and competition within the cybercrime-as-a-service market, where new tools are rapidly developed and monetized.
Security professionals are advised to monitor underground forums for emerging threats and to implement robust detection and response strategies to counteract the evolving landscape of credential theft and data exfiltration.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=The tool, advertised by the threat actor known as #koneko, is priced at $120 per month, positioning itself among a growing market of subscription-based infostealers.){kind=link}