Intel Name: Anatomy of Celestial Stealer: Malware-as-a-Service revealed
Date of Scan: December 11, 2024
Impact: High
Summary: During proactive threat hunting, Trellix Advanced Research Center identified samples of Celestial Stealer, a JavaScript-based infostealer packaged as either an Electron application or a Node.js single application for Windows 10 and 11. Offered as Malware-as-a-Service (MaaS) on Telegram, it allows users to purchase weekly, monthly, or lifetime subscriptions for access to its malicious features. The stealer targets Chromium- and Gecko-based browsers, as well as applications like Steam, Telegram, and cryptocurrency wallets such as Atomic and Exodus.