Anatomy of celestial stealer: malware-as-a-service revealed

Intel Name: Anatomy of celestial stealer: malware-as-a-service revealed

Date of Scan: December 11, 2024

Impact: High

Summary:
During proactive threat hunting, Trellix Advanced Research Center identified samples of Celestial Stealer, a JavaScript-based infostealer packaged as either an Electron application or a Node.js single application for Windows 10 and 11. Offered as Malware-as-a-Service (MaaS) on Telegram, it allows users to purchase subscriptions—weekly, monthly, or lifetime—for access to its malicious features. The stealer targets Chromium and Gecko-based browsers, as well as applications like Steam, Telegram, and cryptocurrency wallets such as Atomic and Exodus.

More Details