A recent post on a dark web forum has brought attention to a newly advertised malware tool known as Prysmax Stealer v1.0.2. According to the threat actor behind the post, this software is a sophisticated credential-stealing tool written in Rust and equipped with an integrated web panel for managing stolen data.
Alleged Capabilities and Features
The forum post describes Prysmax Stealer as a powerful data-harvesting tool capable of retrieving a wide range of sensitive information, including:
- Passwords
- Cookies
- Discord tokens
- Telegram sessions
- Cryptocurrency wallet files
- Gaming session data (supporting over 30 games)
- Credit card information
- Browsing history and bookmarks
A notable feature mentioned in the post is an integrated shortener that allows users to filter and export stolen credentials based on specific search terms, which the post claims enhances efficiency when retrieving login credentials from targeted websites.
Dark Web Marketplace Allegations
Beyond its data extraction capabilities, the post suggests that Prysmax Stealer offers a user dashboard with advanced functionalities such as:
- A log marketplace where stolen data can allegedly be sold or shared.
- Automated log forwarding to platforms like Telegram and Discord.
- Global analytics for tracking data theft trends by country and time frame.
- Custom payload builder, allowing attackers to generate executables with stealth features like Anti-VM and startup persistence.
The forum post also claims that the tool is “currently undetectable,” though it admits that long-term stealth cannot be guaranteed. The threat actor behind the advertisement states that detection bypasses are updated “almost daily.”
