OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month

SecurityWeek, 11/06/2026, 13:00

Summary

AI-Generated

Key Points:

  • OnyxC2 is a sophisticated stealer available as Malware-as-a-Service (MaaS) for $250/month, designed for extensive credential theft across numerous applications and browsers.
  • It can harvest credentials from over 210 applications, including password managers and two-factor authentication extensions, on both individual and business systems, which creates the potential for significant data breaches.
  • Recommended actions include monitoring for unusual access patterns, implementing strong authentication measures, and educating users about the risks of malicious software.

Technical Details: OnyxC2 uses advanced techniques such as LSASS dumping, encrypted payloads, and stealthy delivery methods to evade detection. The malware disguises itself as legitimate software and uses DLL injection to execute its payload.

MITRE ATT&CK Techniques:

  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1003.001 - OS Credential Dumping: LSASS Memory (Credential Access)
  • T1055.001 - Process Injection: DLL Injection (Execution)
  • T1560.001 - Archive Collected Data: Archive Data (Collection)

IOCs Mentioned: None mentioned.
