A new Python-based info stealer called SolyxImmortal employs legitimate APIs and third-party libraries to stealthily harvest and exfiltrate data on Windows systems. It features comprehensive surveillance capabilities and is linked to a Turkish-speaking threat actor, highlighting the ongoing threat of opportunistic malware campaigns. #SolyxImmortal #Cyfirma
Key points
- SolyxImmortal is a Python-based malware targeting Windows for data theft and surveillance.
- The malware uses hardcoded C&C parameters and Discord webhooks for exfiltration and notifications.
- It infects by copying itself into the AppData directory and registers in the user’s Run key for persistence.
- The stealer extracts credentials from Chromium browsers, captures keystrokes, and takes targeted screenshots.
- Developed by a Turkish-speaking actor, it is designed for opportunistic attacks and easily repurposed by others.
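Two of the behaviours listed above give defenders concrete things to look for: an autostart entry in the user's Run key that points into AppData, and outbound posts to a Discord webhook. The script below is an added example written for this summary, not code from the article or from the malware; it flags Run-key commands whose executable lives under AppData and pulls Discord webhook URLs out of proxy log lines. The Run-key entries and log lines embedded in it are constructed samples, and on Windows `read_hkcu_run` reads the real key via `winreg` (it returns an empty dict elsewhere).

```python
import re
import sys
from typing import Dict, List

# Executables launched from these per-user folders are worth reviewing: the
# summary above describes the stealer copying itself into AppData and
# registering there for persistence.
SUSPICIOUS_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\")

# Discord webhook endpoints (discord.com and the older discordapp.com host).
WEBHOOK_RE = re.compile(
    r"https?://(?:[\w.-]+\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+", re.I
)


def extract_exe_path(command: str) -> str:
    """Return the executable path from a Run-key command line, honouring quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def flag_run_entries(entries: Dict[str, str]) -> List[str]:
    """Return the names of Run-key values whose executable sits under AppData."""
    flagged = []
    for name, command in entries.items():
        exe = extract_exe_path(command).lower()
        if any(d in exe for d in SUSPICIOUS_DIRS):
            flagged.append(name)
    return flagged


def read_hkcu_run() -> Dict[str, str]:
    """Read HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run on Windows.

    Returns {} on other platforms so the module stays importable there.
    """
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only standard-library module

    entries: Dict[str, str] = {}
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        index = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, index)
            except OSError:  # raised when there are no more values
                break
            entries[name] = str(value)
            index += 1
    return entries


def find_webhook_urls(log_lines: List[str]) -> List[str]:
    """Return every Discord webhook URL found in the given proxy log lines."""
    hits = []
    for line in log_lines:
        match = WEBHOOK_RE.search(line)
        if match:
            hits.append(match.group(0))
    return hits


# Constructed sample data (not taken from the article or from any real host).
SAMPLE_RUN = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "WindowsUpdateHelper": r'"C:\Users\alice\AppData\Roaming\WindowsUpdateHelper\helper.exe"',
    "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
}

SAMPLE_PROXY_LOG = [
    "2024-05-01T10:00:01Z ws01 GET https://www.microsoft.com/ 200",
    "2024-05-01T10:00:07Z ws01 POST https://discord.com/api/webhooks/123456789012345678/AbCdEf-gHiJkL 204",
    "2024-05-01T10:00:09Z ws01 GET https://example.com/ 200",
]

if __name__ == "__main__":
    # Use the live Run key on Windows, otherwise fall back to the sample.
    entries = read_hkcu_run() or SAMPLE_RUN
    for name in flag_run_entries(entries):
        print(f"Run entry under AppData, review: {name} -> {entries[name]}")
    for url in find_webhook_urls(SAMPLE_PROXY_LOG):
        print(f"Discord webhook seen in proxy log: {url}")
```

Note that the sample deliberately includes OneDrive, which legitimately installs under `AppData\Local`; the Run-key check therefore yields triage candidates rather than verdicts, and a known-good allowlist belongs in front of it before alerting on the result.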
Read More: https://www.securityweek.com/solyximmortal-information-stealer-emerges/