xortostealer, a new info stealer tool has made the news in recent weeks after information about it was leaked on a hacker forum. The stealer, which is advertised as a fully undetected Discord, Browser, Robox Stealer, and Cookie Password Stolen Stealer, offers a wide range of services including extracting passwords, cookie, autofills, and session tokens from popular platforms including TikTok, Instagram, Steam,and  Discord, as well as browsers lile Chrome, Brave, Opera, OperaGX, OperaNeon, and Yandex.

What we know so far:

Increased Credential Theft Risk: This stealer tool significantly heightens the danger of credential theft, enabling the extraction of passwords and session tokens across multiple platforms.

Account Compromise and Data Breaches: With stolen credentials, attackers can easily breach user accounts, leading to data breaches and potential financial losses.

Targeted Attacks: The tool’s capacity to steal information from specific platforms indicates a possible focus on users of those platforms, potentially for phishing or other malicious activities.

Importance of Enhanced Security Measures: This development underscores the need for robust security practices to protect against credential theft and account compromise.

Telegram Support: The stealer has a dedicated Telegram page where potential customers can interact with the administrators. At the time this article was written, the administrators were offering limited premium subscriptions to users who can successfully invite new users or customers.

Free vs Premium subscription: The tool has a free subscription to anyone curious enough to try it. The free subscription comes with limited features. The premium subscription has all features unlocked and new features are available weeks before it gets to the free users.

More details about the tool can be found on the GitHub repo; hxxps://github.com/xortoproject/xortostealer

As of the time of this report, the tool has not been linked to any breaches or cases of credential theft.

What you can do to protect yourself:

Enable Multi-Factor Authentication (MFA): MFA adds a crucial layer of security by requiring a secondary form of authentication, such as a code sent to your phone, in addition to your password.

Use Strong and Unique Passwords: Create complex, unique passwords for each account and avoid reusing passwords across different platforms.

Be Wary of Phishing Emails and Links: Exercise caution with emails and links from unknown sources, as phishing attempts often lead to malicious sites designed to steal your credentials.

Keep Software and Browsers Updated: Regularly update your software and browsers to incorporate security patches that address vulnerabilities exploited by attackers.

Note: If you suspect any security breach, or want to report any suspicious activities, kindly reach out to us via our helpdesk at (help@cchub.africa)