Cyber Security News

Beware of Nova Stealer Malware Sold for $50 on Hacking Forums

The cybersecurity landscape faces a new challenge with the emergence of Nova Stealer, a malware marketed under the Malware-as-a-Service (MaaS) model.

Priced as low as $50 for a 30-day license, this malicious tool has gained traction among cybercriminals for its affordability and effectiveness.

Nova Stealer, a modified variant of the SnakeLogger malware, is designed to exfiltrate sensitive information from compromised systems.

The malware has been actively distributed via phishing campaigns targeting industries such as finance, retail, and IT, particularly in Russia and other regions.

How Nova Operates

Nova Stealer is typically delivered through phishing emails disguised as legitimate documents, such as contract archives.

Once executed, the malware employs sophisticated techniques to evade detection.

It uses steganography to conceal its payload and abuses Windows utilities such as PowerShell to disable Microsoft Defender and gain persistence through the Task Scheduler.

The malware then injects its code into a suspended process using process hollowing techniques.

Upon activation, Nova Stealer harvests a wide array of data, including saved credentials from browsers and applications, keystrokes, clipboard content, and screenshots.

[Figure: Retrieved data exfiltration configuration]

It also targets cryptocurrency wallets and session cookies for platforms like Discord and Steam.

According to the report, the stolen data is exfiltrated via channels such as SMTP, FTP, or Telegram APIs.

A Growing Market for Cybercrime Tools

Nova Stealer’s affordability and ease of use make it accessible to a broad spectrum of threat actors.

The developers behind the malware offer additional services, such as cryptors to bypass antivirus detection, with prices ranging from $60 to $150 depending on the subscription duration.

A Telegram group created in August 2024 serves as a hub for promoting and providing technical support for the malware.

This MaaS model significantly lowers the entry barrier for cybercriminals, enabling even novice attackers to deploy sophisticated campaigns.

The availability of free keys and promotional offers further accelerates its spread.

The rise of Nova Stealer highlights the persistent threat posed by information stealers in the cybercrime ecosystem.

The stolen data can be leveraged for various malicious purposes, including identity theft, financial fraud, and ransomware attacks.

Organizations are advised to implement robust email security measures to detect phishing attempts and educate employees on recognizing suspicious attachments.

Endpoint detection and response (EDR) solutions should be employed to monitor unusual system activities such as unauthorized process injections or registry modifications.
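
The kind of correlation such monitoring performs for the delivery chain described above, sketched as an added example that is not from the article or the report it cites. The events are constructed, and the matched commands (`Set-MpPreference`, `Add-MpPreference`, `schtasks /create`, `Register-ScheduledTask`) are generic Defender-tampering and Task Scheduler indicators assumed here, not commands the article attributes to Nova Stealer.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events: (host, ISO time, image, command line).
EVENTS = [
    ("WS-014", "2025-01-10T09:02:11", "powershell.exe",
     "powershell -w hidden -c Set-MpPreference -DisableRealtimeMonitoring $true"),
    ("WS-014", "2025-01-10T09:02:40", "schtasks.exe",
     r'schtasks /create /tn "Updater" /tr C:\Users\Public\u.exe /sc minute /mo 5'),
    ("WS-022", "2025-01-10T10:15:00", "schtasks.exe",
     r'schtasks /create /tn "Backup" /tr C:\Tools\backup.cmd /sc daily'),
    ("WS-031", "2025-01-10T11:00:00", "powershell.exe",
     r"powershell Add-MpPreference -ExclusionPath C:\Users\Public"),
]

# Assumed indicators: protections switched off or exclusions added from a command line.
TAMPER = re.compile(
    r"Set-MpPreference\b.*?-Disable\w+\s+(\$true|1\b)"
    r"|Add-MpPreference\b.*?-Exclusion(Path|Process|Extension)",
    re.IGNORECASE,
)
# Assumed indicators: a scheduled task being created.
TASK = re.compile(r"schtasks(\.exe)?\s.*?/create|Register-ScheduledTask", re.IGNORECASE)

TAMPER_ONLY = "Defender settings changed from command line"
TAMPER_THEN_TASK = "Defender tampering followed by scheduled-task creation"


def detect(events, window=timedelta(minutes=10)):
    """Return one (host, severity, reason) alert per tampering event.

    Task creation alone is too common to alert on; it only escalates a
    tampering alert raised on the same host within `window`.
    """
    alerts = []
    last_tamper = {}  # host -> (index into alerts, time of tampering)
    for host, ts, _image, cmd in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if TAMPER.search(cmd):
            alerts.append((host, "medium", TAMPER_ONLY))
            last_tamper[host] = (len(alerts) - 1, when)
        elif TASK.search(cmd) and host in last_tamper:
            idx, t0 = last_tamper[host]
            if when - t0 <= window:
                alerts[idx] = (host, "high", TAMPER_THEN_TASK)
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```
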

Regular updates to antivirus software and operating systems are critical to mitigating vulnerabilities exploited by such malware.

As cybercriminals continue to innovate, proactive threat intelligence remains essential in identifying emerging threats like Nova Stealer before they cause widespread damage.


Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
