1. MalFactory Stealer Builder
A new Malware-as-a-Service (MaaS) offering called “MalFactory Stealer Builder” is being marketed as a plug-and-play kit for building customized info-stealers.
Buyers can generate payloads designed to steal:
- Files
- Crypto wallets
- Browser cookies
- 2FA data
- Game accounts
- Telegram sessions
It also claims to have built-in anti-VM checks and persistence mechanisms, designed to evade sandbox analysis and to survive on the host after infection.
The most aggressive selling point? An advertised 0% antivirus detection rate.
Claims like this are usually marketing hype, but even a partially true version signals deliberate evasion engineering. These aren’t amateur scripts; this is a builder optimized to stay quiet long enough to exfiltrate high-value data.
Why this matters
- Broad attack surface - It’s not just passwords. Wallets, session tokens, and 2FA artifacts mean full account takeover is possible.
- Session theft - A stolen cookie or Telegram session file is an already-authenticated session, so the attacker replays it and MFA is never prompted.
- Easy to scale - You don’t need to be a developer anymore. You just need a wallet and bad intent.
This is industrialized credential harvesting, and it scales fast.
2. Alleged “0-Click” Exploit Tool
Another listing advertises what’s described as a “0-click” exploit tool.
It claims to bypass traditional security controls by storing an encrypted payload in the browser cache. The victim is then socially engineered into copying and pasting a command presented as something harmless into File Explorer. This action triggers execution of the malicious code.
This isn’t truly zero-click.
There is user interaction.
But the interaction is minimal and disguised as routine behaviour.
That is the dangerous part.
What makes this risky
- Minimal friction - If the social engineering is convincing, the barrier to execution is low.
- Blended technique - Combines browser behaviour, local execution, and user trust.
- Psychological exploitation - The attack succeeds not through technical wizardry alone, but through manipulation.
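Because the execution path described above runs through File Explorer rather than through a document or a browser exploit, the most reliable place to catch it is process telemetry: explorer.exe spawning a script host whose command line points at a browser cache path or decodes a staged blob. The following detector is an added example written for this page, not code from the listing or the article. It assumes Sysmon-style process-creation events with parent image, image and command line, and the cache-directory fragments and staging indicators it matches on are assumptions chosen for illustration; tune both to your environment. The events it scans are constructed inline.

```python
"""Heuristic detector for the paste-into-File-Explorer execution pattern.

Added example (not from the listing or the article). Assumes Sysmon-style
process-creation events; field names, cache hints and staging hints are
assumptions for illustration.
"""
import ntpath
from dataclasses import dataclass
from typing import List, Tuple

# Script hosts an attacker would launch from the pasted command.
SCRIPT_HOSTS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe",
    "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe",
}
# Assumed path fragments of browser cache directories where a payload
# might have been staged (lower-case, matched as substrings).
CACHE_HINTS = ("\\inetcache\\", "\\cache\\", "\\cache2\\")
# Assumed command-line fragments typical of decoding or running a staged blob.
STAGING_HINTS = ("-enc", "frombase64string", "iex", "invoke-expression",
                 "certutil", "-decode", "downloadstring")


@dataclass
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


def score_event(ev: ProcEvent) -> Tuple[int, List[str]]:
    """Return (score, reasons). 0 means the event does not fit the pattern."""
    reasons: List[str] = []
    parent = ntpath.basename(ev.parent_image).lower()
    child = ntpath.basename(ev.image).lower()
    # The pattern requires File Explorer as the direct parent of a script host.
    if parent != "explorer.exe" or child not in SCRIPT_HOSTS:
        return 0, reasons
    score = 1
    reasons.append(f"explorer.exe spawned script host {child}")
    cmd = ev.command_line.lower()
    if any(h in cmd for h in CACHE_HINTS):
        score += 2
        reasons.append("command line references a browser cache path")
    hits = [h for h in STAGING_HINTS if h in cmd]
    if hits:
        score += 2
        reasons.append("staging indicators: " + ", ".join(hits))
    return score, reasons


def scan(events: List[ProcEvent], threshold: int = 3) -> List[Tuple[int, int, List[str]]]:
    """Return (index, score, reasons) for every event at or above threshold."""
    findings = []
    for i, ev in enumerate(events):
        score, reasons = score_event(ev)
        if score >= threshold:
            findings.append((i, score, reasons))
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Pasted command: decode a cached file with certutil, then run it.
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c certutil -decode "%LOCALAPPDATA%\Microsoft\Windows\INetCache\IE\abc.txt" '
              r'%TEMP%\payload.exe && %TEMP%\payload.exe'),
    # Benign: user opens a text file from Explorer.
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
              r"notepad.exe readme.txt"),
    # Script host, but parent is a shell, not Explorer: out of scope here.
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -NoP -Enc QQBCAEMA"),
    # Explorer launching a plain cmd: unusual but no staging indicators.
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /c ipconfig /all"),
]

if __name__ == "__main__":
    for idx, score, reasons in scan(SAMPLE_EVENTS):
        print(f"event {idx}: score {score}")
        for r in reasons:
            print("  -", r)
```

The base score of 1 for any explorer.exe-to-script-host launch is deliberately below the alert threshold: users do open command prompts from Explorer. What raises it to an alert is the combination with a cache path or a decode/download indicator, which is the part of this listing's technique that ordinary troubleshooting does not produce.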
The biggest takeaway from this week isn’t just “new stealer” or “new exploit claim.” Rather, it is the convergence of:
- Low-effort execution techniques
- Evasion-focused payload builders
- Marketing that emphasizes detection resistance
- Accessibility to less sophisticated actors
That combination increases the likelihood of wider distribution and opportunistic campaigns, especially in environments where users are accustomed to copying commands or troubleshooting via shared instructions.
This wasn’t random noise on a forum. It looked like supply-chain building, only the supply chain is for cybercrime.