ExelaStealer is an infostealer that was first observed in August 2023. It specifically targets compromised Windows systems and is written in Python, with support for JavaScript. The malware is distributed disguised as a PDF document, which suggests that it may be delivered through phishing or watering hole attacks [9].


ExelaStealer is designed to extract a wide range of sensitive data from infected systems. This includes passwords [5] [7], Discord tokens [1] [2] [4] [9], credit cards [1] [2] [3] [4] [5] [6] [7] [8] [9], cookies [1] [2] [3] [4] [5] [6] [7] [9], keystrokes [1] [2] [3] [4] [8] [9], screenshots [1] [4] [6] [9], and clipboard content [1] [2] [4] [9]. It is available for purchase on cybercrime forums and a dedicated Telegram channel [1] [4] [9], at a relatively low cost that makes it accessible to new hackers.

To evade detection, ExelaStealer employs code obfuscation techniques [3]. It executes obfuscated Python code in the background while displaying a lure document. The malware is compiled and packaged on a Windows-based system using a Python builder script [1] [4] [9], which obfuscates the source code to resist analysis [1] [9].

Compared to other infostealing malware such as Raccoon [3], RedLine [3], Vidar [3], and ThirdEye [3], ExelaStealer is considered more dangerous [3]. It poses a significant threat to the security of compromised systems and the confidentiality of sensitive information.

ExelaStealer was discovered by cybersecurity researchers at FortiGuard Labs [3], who provided a detailed account of its workings in a blog post [3]. Its emergence, along with similar malware, highlights the ongoing threat of data theft and emphasizes the importance of implementing enhanced cybersecurity measures.


The rise of ExelaStealer and similar malware underscores the need for robust cybersecurity measures. Organizations and individuals must remain vigilant and take proactive steps to protect their systems and sensitive data. This includes implementing strong security protocols, regularly updating software, educating users about phishing and other cyber threats, and utilizing advanced threat detection and prevention tools. By staying informed and proactive, we can mitigate the risks posed by infostealer malware and safeguard our digital assets.


[1] https://mrhacker.co/cyber-attack/exelastealer-a-new-low-cost-cybercrime-weapon-emerges
[2] https://www.linkedin.com/pulse/exelastealer-rise-new-cybersecurity-threat-abdul-musawer-my4pe
[3] https://www.hackread.com/windows-infostealer-exelastealer-sold-on-dark-web/
[4] https://thehackernews.com/2023/10/exelastealer-new-low-cost-cybercrime.html
[5] https://www.cybersecurity-review.com/news-october-2023/another-infostealer-enters-the-field-exelastealer/
[6] https://www.fortinet.com/blog/threat-research/exelastealer-infostealer-enters-the-field
[7] https://thecyberwire.com/podcasts/daily-podcast/1931/transcript
[8] https://www.linkedin.com/pulse/exelastealer-cybercrime-subscription-theodore-mefford
[9] https://patabook.com/technology/2023/10/20/exelastealer-a-new-low-cost-cybercrime-weapon-emerges/