Fox Stealer

The Fox Stealer cyber-threat is derived from the Pony Botnet with more features added to it and support for the Pony Botnet control panel. The Fox Stealer emerged in August 2016 on computer security reports. The Fox Stealer software may be found promoted on the Dark Web under aliases like 'Cronbot,' 'Fox' and 'PonyForx.' The author of Fox Stealer has advertised it as an independent Trojan that can be dropped to targeted systems in EXE and DLL package. The Fox Stealer Trojan is written in the C++ programming language and does not require additional libraries to run on Windows. Access to the Fox Stealer software is offered via a subscription payment model. Interested cybercriminals can pay $250/€220 per month and take advantage of the user-friendly Pony Botnet control panel.

The Fox Stealer is known to be pushed alongside ransomware like the notorious CryptXXX Ransomware and the infamous Locky Ransomware. The Fox Stealer Trojan can be used to execute Distributed Denial of Service (DDoS) attacks; log keystrokes on infected hosts; take desktop screenshots; collect passwords from Chromium-based Web browsers, Mozilla Firefox, Internet Explorer and Opera; as well as download and run programs from a remote server. Some versions of the Fox Stealer Trojan have been observed to lock content on the user's disks and demand payment. Fox Stealer may block access to the Registry editor, the Task Manager, and block booting into Safe Mode. It is recommended to scan infected devices with a trusted anti-malware suite, and you should make sure your Web browser is up-to-date.