Echelon Stealer v5 is an open-source infostealer malware designed to extract sensitive data from compromised systems. First identified in 2018 and actively shared on platforms like GitHub under repositories such as swagkarna/Echelon-Stealer and madcode09/Echelon-Stealer-v5, it targets a wide range of applications, browsers, and cryptocurrency wallets. Marketed on underground forums like Blackhatrussia and XSS.is, it is promoted for its ability to steal login credentials, cryptocurrency wallet data, and system information, often with Telegram-based command-and-control (C2) capabilities. Despite claims of being an educational tool, its accessibility and potent features make it a significant threat in the hands of cybercriminals.
Echelon Stealer v5 is .NET-based malware designed to harvest sensitive information from infected devices, including credentials, cryptocurrency wallet data, and system details. It supports a broad range of targets, including Chromium-based browsers (v81+), Firefox (v75+), and over 20 applications like Discord, Telegram, and FileZilla. Its open-source nature, with source code available on GitHub, makes it accessible to both novice and experienced attackers. The stealer uses Telegram for C2 communication, enabling attackers to receive stolen data in real time. Despite claims from its creator, “Madcode,” that it is for educational purposes, its distribution on hacking forums and use in malicious campaigns highlight its potential for harm.
