Xillen Stealer v4/v5: Advanced Cross-Platform Malware Threat

Darktrace analysts warn about the rapidly evolving Xillen Stealer malware, which now includes advanced evasion mechanisms and multiple modern C2 techniques. The malware targets over 100 browsers, 70+ cryptocurrency wallets, password managers, developer environments, and cloud credentials. Notable updates include the AI Target Detection module, which prioritizes high-value targets based on rule-based pattern matching. The malware also features a Rust-based polymorphic engine and steganographic methods to hide stolen data. Xillen Stealer is marketed openly on Telegram, with licenses offered through a professional dashboard.

Latest mentioned: 11-24

Earliest mentioned: 11-21

Sources

securityonline.info gbhackers.com

Also Read

StealC V2 Malware Spread via Blender Files on 3D Sites

Cybersecurity firm Morphisec reported that StealC V2 infostealer is being spread through malicious Blender files on 3D model marketplaces. The malware abuses Blender’s ability to run Python scripts for automation and add-ons. The campaign, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader. Users unknowingly download these files, which execute embedded Python scripts upon opening in Blender. The attack chain begins with a tampered Rig_Ui.py script embedded inside the .blend file, which fetches a loader from a remote domain, downloading a PowerShell stage and ZIP archives containing Python-based stealers. The malware creates LNK files to secure persistence and uses Pyramid C2 channels to retrieve encrypted payloads. StealC V2 now targets more than 23 browsers, over 100 plugins, more than 15 desktop wallets, and a range of messaging, VPN, and mail clients.

11-26Read more →