Red Hot Cyber


Echelon Stealer: The Open Source Malware

Pietro Melillo : 31 July 2024 15:47

Echelon Stealer is an infostealer that was first observed in 2018 and is still active. It is currently published as an open-source project on GitHub and offers a range of features for extracting sensitive data from infected machines.

Despite being presented as an educational project, its potential for malicious use is significant.

What is an Infostealer?

An infostealer is a type of malware designed specifically to steal sensitive information from infected devices. Such malware can gather a wide range of data, including:

  • Login credentials (username and password)
  • Financial information (credit card numbers, bank accounts)
  • Personal data (addresses, phone numbers)
  • Information stored in browsers (cookies, autofill data)
  • Sensitive files on the device

Infostealers are often distributed through phishing campaigns, malicious email attachments, compromised software downloads, and other social engineering techniques. Once installed, the infostealer collects data and sends it to a server controlled by the attackers, allowing them to exploit this information for various illicit purposes, such as identity theft, financial fraud, and unauthorized access to systems and networks.

Key Features of Echelon Stealer

Data Extraction

Echelon Stealer can extract data from various browsers and applications. Supported browsers include all Chromium-based ones (Edge included) and Gecko-based ones such as Mozilla Firefox. The extraction features include:

  • Clipboard data
  • Discord and Telegram sessions
  • Outlook emails
  • Files, preserving their directory paths and recursively scanning subdirectories
  • FileZilla
  • Total Commander
  • Pidgin
  • Psi and Psi+
  • System screenshots
  • PC information (PCinfo)

VPN and Cryptocurrency Wallets

Echelon Stealer can also gather data from various VPN applications and cryptocurrency wallets, including:

  • NordVPN
  • OpenVPN
  • ProtonVPN
  • Armory
  • Atomic Wallet
  • Bitcoin Core
  • Bytecoin
  • Dash Core
  • Electrum
  • Ethereum
  • Exodus
  • Jaxx
  • Litecoin Core
  • Monero
  • Zcash

Additional Features

In addition to data collection capabilities, Echelon Stealer includes other functionalities such as:

  • Exfiltration of the collected logs to a Telegram bot
  • Automatic self-deletion once the logs have been sent
  • Protection against resubmitting the same log
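Exfiltration through a Telegram bot leaves a recognisable trace in egress proxy logs: a POST to `https://api.telegram.org/bot<TOKEN>/<method>`, with the bot token and often the operator's `chat_id` in the URL itself. The following is an added detection example written for this article; it is not code from the original page or from the Echelon project. The proxy log format and all hosts, tokens and sizes in it are constructed for the example; only the Telegram Bot API URL shape is the real, documented one.

```python
"""Flag Telegram Bot API exfiltration in HTTP proxy logs (added example)."""
import re
from typing import Dict, Iterable, List, NamedTuple, Optional
from urllib.parse import parse_qs, urlsplit

# Real URL shape: https://api.telegram.org/bot<bot id>:<secret>/<method>.
# The secret is normally 35 characters; the pattern is kept slightly looser
# to avoid false negatives on variants.
TELEGRAM_BOT_CALL = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>\w+)"
)

# Methods a stealer needs to push a log to its operator.  Read-only calls such
# as getUpdates or getMe are ignored to reduce noise from legitimate bot clients.
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto", "sendMediaGroup"}

# Constructed log format (an assumption for this example, not the article's):
#   <ISO timestamp> <src ip> <HTTP verb> <url> <status> <bytes sent by client>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<verb>[A-Z]+)\s+(?P<url>\S+)\s+"
    r"(?P<status>\d{3})\s+(?P<bytes_out>\d+)$"
)


class Hit(NamedTuple):
    ts: str
    src: str
    method: str
    bot_id: str      # keep the numeric bot id for pivoting; never store the secret
    chat_id: str     # operator's chat, when it is visible in the query string
    bytes_out: int


def inspect_line(line: str) -> Optional[Hit]:
    """Return a Hit if the line is a Telegram Bot API call used to push data out."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    call = TELEGRAM_BOT_CALL.match(m["url"])
    if not call or call["method"] not in EXFIL_METHODS:
        return None
    query = parse_qs(urlsplit(m["url"]).query)
    chat_id = query.get("chat_id", ["?"])[0]
    return Hit(m["ts"], m["src"], call["method"], call["bot_id"], chat_id, int(m["bytes_out"]))


def find_exfil(lines: Iterable[str]) -> List[Hit]:
    """Scan a log and return every suspected exfiltration call."""
    return [hit for hit in (inspect_line(line) for line in lines) if hit]


def summarize(hits: Iterable[Hit]) -> Dict[str, dict]:
    """Per source host: number of calls, bytes pushed out and distinct bots contacted."""
    summary: Dict[str, dict] = {}
    for hit in hits:
        entry = summary.setdefault(hit.src, {"calls": 0, "bytes_out": 0, "bots": set()})
        entry["calls"] += 1
        entry["bytes_out"] += hit.bytes_out
        entry["bots"].add(hit.bot_id)
    return summary


# Constructed sample traffic: one host pushes an archive and a message to a bot,
# another host merely polls a bot (legitimate pattern, must not be flagged).
SAMPLE_LOG = """
2024-07-31T10:12:03Z 10.0.0.23 GET https://web.telegram.org/a/ 200 512
2024-07-31T10:12:09Z 10.0.0.23 POST https://api.telegram.org/bot123456789:AAHxq3T9b8WmK2pLd1sVfE7yR0oZc4uN6jQ/sendDocument?chat_id=987654321 200 184320
2024-07-31T10:12:10Z 10.0.0.23 POST https://api.telegram.org/bot123456789:AAHxq3T9b8WmK2pLd1sVfE7yR0oZc4uN6jQ/sendMessage?chat_id=987654321 200 640
2024-07-31T10:13:41Z 10.0.0.40 GET https://api.telegram.org/bot555000111:BBHa9kLm2Pq4RsTu6VwXy8Za0Bc1De3Fg5H/getUpdates 200 0
"""

if __name__ == "__main__":
    found = find_exfil(SAMPLE_LOG.splitlines())
    for hit in found:
        print(f"{hit.ts} {hit.src} -> bot {hit.bot_id} chat {hit.chat_id} "
              f"{hit.method} ({hit.bytes_out} bytes)")
    print(summarize(found))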

Recent Updates

The latest project release includes various bug fixes and makes the project more stable. All extraction modules are now split into separate files and folders, which makes the code base easier to navigate and extend.

Disclaimer

The creator of Echelon Stealer states that the project is written exclusively for educational purposes and accepts no responsibility for how the project or any part of its code is used. Such a notice does not change the practical picture: misusing a tool like this can carry severe legal and ethical consequences.

Conclusion

Echelon Stealer is an example of how open-source tooling can serve both legitimate and malicious ends. Such tools must be handled with awareness and responsibility, and the developer and security research communities must remain vigilant and cooperative to mitigate the risks they pose and to promote the ethical use of technology.

Pietro Melillo
Head of the Dark Lab group. A Computer Engineer specialised in Cyber Security with a deep passion for hacking and technology, he is currently CISO of WURTH Italia. He was previously responsible for Cyber Threat Intelligence & Dark Web analysis services at IBM, carries out research and teaching on Cyber Threat Intelligence topics at the University of Sannio as a Ph.D., is the author of scientific papers, and develops tools to support cybersecurity activities. He leads the CTI team "RHC DarkLab".