Tuesday, May 13, 2025

Beware of Nova Stealer Malware Sold for $50 on Hacking Forums


The cybersecurity landscape faces a new challenge with the emergence of Nova Stealer, a malware marketed under the Malware-as-a-Service (MaaS) model.

Priced as low as $50 for a 30-day license, this malicious tool has gained traction among cybercriminals for its affordability and effectiveness.

Nova Stealer, a modified variant of the SnakeLogger malware, is designed to exfiltrate sensitive information from compromised systems.


The malware has been actively distributed via phishing campaigns targeting industries such as finance, retail, and IT, particularly in Russia and other regions.

How Nova Operates

Nova Stealer is typically delivered through phishing emails disguised as legitimate documents, such as contract archives.

Once executed, the malware employs sophisticated techniques to evade detection.

It uses steganography to conceal its payload and abuses Windows utilities such as PowerShell to disable Microsoft Defender and to gain persistence through the Task Scheduler.

The malware then injects its code into a suspended process using process hollowing techniques.

Upon activation, Nova Stealer harvests a wide array of data, including saved credentials from browsers and applications, keystrokes, clipboard content, and screenshots.

[Figure: Nova Stealer, retrieved data exfiltration configuration]

It also targets cryptocurrency wallets and session cookies for platforms like Discord and Steam.

According to the report, the stolen data is exfiltrated via channels such as SMTP, FTP, or Telegram APIs.

A Growing Market for Cybercrime Tools

Nova Stealer’s affordability and ease of use make it accessible to a broad spectrum of threat actors.

The developers behind the malware offer additional services, such as cryptors to bypass antivirus detection, with prices ranging from $60 to $150 depending on the subscription duration.

A Telegram group created in August 2024 serves as a hub for promoting and providing technical support for the malware.

This MaaS model significantly lowers the entry barrier for cybercriminals, enabling even novice attackers to deploy sophisticated campaigns.

The availability of free keys and promotional offers further exacerbates its proliferation.

The rise of Nova Stealer highlights the persistent threat posed by information stealers in the cybercrime ecosystem.

The stolen data can be leveraged for various malicious purposes, including identity theft, financial fraud, and ransomware attacks.

Organizations are advised to implement robust email security measures to detect phishing attempts and educate employees on recognizing suspicious attachments.

Endpoint detection and response (EDR) solutions should be employed to monitor unusual system activities such as unauthorized process injections or registry modifications.
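The behaviours described above (Defender tampering through PowerShell, Task Scheduler persistence, Telegram API exfiltration) can be correlated per host in endpoint telemetry. The Python below is an added example, not code from the article or the report it cites. The command patterns, event fields, host names and paths are assumptions chosen for illustration, not indicators published for Nova Stealer.

```python
import base64
import re
from collections import defaultdict

# Assumed command shapes for the behaviours the article names; not IoCs from the report.
RULES = {
    "defender_tamper": re.compile(
        r"Set-MpPreference\s+.*-Disable\w+|Add-MpPreference\s+.*-Exclusion\w+", re.I),
    "schtask_persist": re.compile(
        r"schtasks(?:\.exe)?\s+.*/create|Register-ScheduledTask", re.I),
}
ENC_FLAG = re.compile(r"-e(?:c|nc\w*)?\s+([A-Za-z0-9+/=]{16,})", re.I)
TELEGRAM_OK = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

def expand_encoded(cmdline):
    """Append the decoded body of a PowerShell -EncodedCommand (base64 of UTF-16LE)."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # bad base64 or bad UTF-16: keep the raw command line
        return cmdline
    return cmdline + " " + decoded

def classify(event):
    """Return the set of rule names triggered by one event."""
    if event["type"] == "process":
        text = expand_encoded(event["cmdline"])
        return {name for name, rx in RULES.items() if rx.search(text)}
    image = event["image"].rsplit("\\", 1)[-1].lower()
    if event["dest"].lower() == "api.telegram.org" and image not in TELEGRAM_OK:
        return {"telegram_exfil"}
    return set()

def triage(events, threshold=2):
    """Escalate hosts showing at least `threshold` distinct behaviours."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= classify(ev)
    return {h: sorted(r) for h, r in per_host.items() if len(r) >= threshold}

# Constructed sample telemetry; every host, path and task name is invented.
ENC = base64.b64encode("Set-MpPreference -DisableRealtimeMonitoring $true".encode("utf-16-le")).decode()
EVENTS = [
    {"host": "ws-17", "type": "process", "cmdline": f"powershell.exe -nop -w hidden -enc {ENC}"},
    {"host": "ws-17", "type": "process", "cmdline": r"schtasks.exe /create /sc onlogon /tn Updater /tr C:\Users\Public\u.exe"},
    {"host": "ws-17", "type": "network", "image": r"C:\Users\Public\u.exe", "dest": "api.telegram.org"},
    {"host": "ws-22", "type": "process", "cmdline": "schtasks.exe /create /tn Backup /tr backup.cmd"},
    {"host": "ws-22", "type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "dest": "api.telegram.org"},
]
print(triage(EVENTS))
```

A single scheduled-task creation is common administrative activity, which is why the triage step escalates only hosts where several of these behaviours appear together.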

Regular updates to antivirus software and operating systems are critical to mitigating vulnerabilities exploited by such malware.

As cybercriminals continue to innovate, proactive threat intelligence remains essential in identifying emerging threats like Nova Stealer before they cause widespread damage.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
