216.73.217.64

MaaS Appeal: An Infostealer Rises From The Ashes

· Published 31/07/2025 20:03 · Modified 31/07/2025 20:27

Export JSON

Essential information

Published
31/07/2025 20:03
Modified
31/07/2025 20:27
Tags
2025-07-31 anti-analysis credential-theft data exfiltration electron infostealer maas malicord node.js nova sentinel novablight obfuscation
Related entities
8 observables, 1 intrusion sets (apt), 9 techniques (mitre), 3 malware

Description

is a NodeJS-based Malware-as-a-Service () information stealer developed by a French-speaking threat group. It's sold as an educational tool but used for credential theft and cryptowallet compromise. The malware features heavy , multiple techniques, and various methods. It can disable Windows Defender, sabotage system recovery, and inject malicious code into popular -based applications. employs comprehensive system enumeration, captures screenshots and webcam footage, and steals passwords from various sources. The threat actors use Telegram and Discord for sales and support, with licenses valid for up to a year.

External references