Newly emergent information-stealing malware SolyxImmortal, which is believed to have been created by a Turkish-speaking threat actor, enables stealthy surveillance and data theft via legitimate APIs and third-party libraries, SecurityWeek reports.Dedicated Discord webhooks have been harnessed by SolyxImmortal for data exfiltration and screenshot delivery to its command-and-control servers, findings from a Cyfirma analysis showed. Targeted by the stealer malware are Chrome and other Chromium-based browser credentials, as well as documents in the device's home directory, which are gathered in a temporary directory before being compressed and exfiltrated. All temporary files and directories are later deleted by SolyxImmortal. Despite being thought to serve as an opportunistic data theft tool for low-to-medium sophistication attackers, SolyxImmortal could be reused for other intrusions, according to Cyfirma researchers."From a threat landscape perspective, this sample reflects a broader trend of mid-tier threat actors leveraging readily available platforms and scripting languages to deploy effective surveillance tooling without maintaining dedicated infrastructure," said researchers.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



