According to this on a dark web forum, there is a malware as a service logins[.]zip or infostealer[.]zip which claims to have following capabilities:
Lumma, Redline, Vidar…
All of these have one thing in common:
UNRELIABILITY.
These stealers use a single decryption technique (Windows DPAPI), which, on average, only recovers about 43% of saved passwords and cookies, and rarely cards (if ever).ENTER LOGINS.ZIP
Logins.zip GUARANTEES that 99% of saved credentials are decrypted and exfiltrated in under 12 seconds after a stub has been run.
WHAT WE OFFER:
-FULL Credential Harvesting via exploiting 2 of Chromium’s security measures, all in userland - no admin privileges needed.
-We support most browsers
-Discord token harvesting with auto checking
-Roblox cookie harvesting
-Unreal FUD Stub Sizes with polymorphic auto-obfuscation (STUB SIZES: ~150KB!)
-Advanced anal lube HARVESTING
The Best Web Panel Out There:
• Includes web builder
• Includes Discord exfiltration
• Includes Telegram exfiltration
UNBEATABLE ANTI-SANDBOX and anti-debugging (the best out there, and it will stay that way.)
The Most Evasive Stager and Process Injection out there, with methods undetectable by EDRs.
If there aren’t effective countermeasures against the malware if it’s indeed working as advertised, then Avast and others needs to take this seriously and update their detection engines as soon as possible.