Malware, Threat Intelligence

Nascent SolyxImmortal infostealer examined

Newly emergent information-stealing malware SolyxImmortal, which is believed to have been created by a Turkish-speaking threat actor, enables stealthy surveillance and data theft via legitimate APIs and third-party libraries, SecurityWeek reports.

Dedicated Discord webhooks have been harnessed by SolyxImmortal for data exfiltration and screenshot delivery to its command-and-control servers, findings from a Cyfirma analysis showed. Targeted by the stealer malware are Chrome and other Chromium-based browser credentials, as well as documents in the device's home directory, which are gathered in a temporary directory before being compressed and exfiltrated. All temporary files and directories are later deleted by SolyxImmortal. Despite being thought to serve as an opportunistic data theft tool for low-to-medium sophistication attackers, SolyxImmortal could be reused for other intrusions, according to Cyfirma researchers.

"From a threat landscape perspective, this sample reflects a broader trend of mid-tier threat actors leveraging readily available platforms and scripting languages to deploy effective surveillance tooling without maintaining dedicated infrastructure," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds