New Windows Malware Sneaks Out Passwords and Keystrokes - How to Stay Safe

A new open source Windows malware strain that can secretly steal passwords and other sensitive data is currently making the rounds online.

As reported by cybersecurity firm Cyble in a blog post, this new information-stealing malware, dubbed Exela, uses Discord webhooks to send stolen data back to the hackers behind the campaign.

In addition to stealing login credentials, personal data, and even financial information, this malware can also steal session information from a wide range of popular apps and online services, including social media and gaming platforms.

Cyble security researchers first spotted Exela Stealer on VirusTotal on September 14, but an early version of the malware had already been created and uploaded to GitHub in May of this year. Since then, new features have been added to Exela, and the malware also has its own official Telegram channel.

What sets Exela Stealer apart from other Windows malware, however, is the way it uses Discord to exfiltrate stolen data from infected PCs.

The Exela builder, which the operator runs on their own machine, only works if a compatible version of Python (version 3.10.0 or 3.11.0) is installed. When it does, it packages the stealer into an executable (.exe) file that can then be distributed to victims.

When the builder batch file in the Exela setup folder is executed, it asks for a Discord webhook URL before continuing. If the operator does not provide one, an error message is displayed until they do.

Exela Stealer uses this Discord webhook URL in place of a command-and-control server: everything the stealer collects from the victim's PC is posted to the webhook, which delivers it to a Discord channel the attacker controls, so no attacker-run infrastructure is needed.
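Because the exfiltration channel is an ordinary HTTPS POST to discord.com, it blends in with legitimate Discord traffic unless you look specifically for the webhook endpoint. The script below is an added example, not code from Cyble's report or from Exela itself: it scans proxy log lines for POSTs to the Discord webhook API and groups them by client and webhook id. The log lines are constructed for the example, the five-column log layout (timestamp, client, method, URL, bytes out) is an assumption about your proxy's format, and the webhook id and token lengths in the regex are assumptions drawn from the general shape of Discord webhook URLs rather than from the article.

```python
"""Flag Discord webhook exfiltration in proxy logs (added example, not from the report)."""
import re

# Discord webhook URLs: numeric snowflake id followed by an opaque token.
# Id and token lengths are assumptions, chosen to be loose rather than exact.
WEBHOOK_RE = re.compile(
    r"https?://(?:[a-z]+\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{40,})"
)

# Constructed sample log lines (not real traffic). Assumed format:
# <timestamp> <client ip> <method> <url> <bytes sent by client>
SAMPLE_LOG = """\
2023-09-20T10:01:02Z 10.0.5.23 GET https://discord.com/api/v9/gateway 312
2023-09-20T10:01:05Z 10.0.5.23 POST https://discord.com/api/webhooks/112233445566778899/abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 48211
2023-09-20T10:01:06Z 10.0.5.23 POST https://discord.com/api/webhooks/112233445566778899/abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 5120
2023-09-20T10:02:11Z 10.0.5.40 GET https://cdn.discordapp.com/attachments/1/2/image.png 901
"""


def find_webhook_posts(log_text):
    """Return {(client, webhook_id): {"posts", "bytes_out", "token"}} for POSTs to webhooks.

    Only POST requests count: a GET to the same URL fetches webhook metadata and
    does not deliver data, whereas a stealer has to POST to hand over its loot.
    """
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed or differently shaped line; skip rather than guess
        _ts, client, method, url, bytes_out = parts
        match = WEBHOOK_RE.search(url)
        if match is None or method != "POST":
            continue
        key = (client, match.group("id"))
        entry = hits.setdefault(key, {"posts": 0, "bytes_out": 0, "token": match.group("token")})
        entry["posts"] += 1
        entry["bytes_out"] += int(bytes_out)
    return hits


def report(hits):
    """Render one line per (client, webhook) pair, with the token truncated for display."""
    lines = []
    for (client, webhook_id), entry in sorted(hits.items()):
        lines.append(
            f"{client} -> webhook {webhook_id} ({entry['token'][:8]}...): "
            f"{entry['posts']} POSTs, {entry['bytes_out']} bytes out"
        )
    return lines


if __name__ == "__main__":
    for line in report(find_webhook_posts(SAMPLE_LOG)):
        print(line)
```

A single client repeatedly POSTing tens of kilobytes to the same webhook, as in the constructed sample, is the pattern to alert on; bear in mind that build pipelines and monitoring bots also post to Discord webhooks, so baseline the known ones before alerting. The webhook id and token recovered from the log (or from the sample itself) identify the attacker's channel and are what you would include when reporting the webhook to Discord.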

Once installed on the victim's PC, Exela Stealer achieves persistence by copying itself into a new directory under the victim's local app data folder and adding an autostart entry to the Windows registry, so the malware runs again after every reboot.
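That combination, an autostart entry whose target lives in a user-writable directory such as the local app data folder, is worth hunting for across a fleet. The script below is an added example and not Cyble's or Exela's code: it reads the Run and RunOnce keys on Windows (via the standard `winreg` module) and flags entries whose executable sits under AppData, Temp or Downloads. The directory list and the path-parsing rule are assumptions, and on non-Windows hosts the script falls back to a constructed sample so it can be run and tested anywhere.

```python
"""Hunt for autostart entries running from user-writable directories (added example)."""
import re
import sys

# Registry locations checked on Windows. Assumption: these cover the common Run keys;
# services, scheduled tasks and startup folders are deliberately out of scope here.
RUN_KEYS = (
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
)

# Directories an unprivileged process can write to; an autostart pointing here is
# not proof of infection (Discord and Teams install this way too) but deserves a look.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\(Local|Roaming|LocalLow)|Temp|Downloads)\\", re.IGNORECASE
)

# Constructed sample of Run-key values (not from a real infection): name -> command.
SAMPLE_ENTRIES = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "Discord": r"C:\Users\alice\AppData\Local\Discord\Update.exe --processStart Discord.exe",
    "WindowsUpdate": r'"C:\Users\alice\AppData\Local\Microsoft Edge\Edge.exe"',
}


def executable_path(command):
    """Extract the executable from a Run-key command string.

    Quoted commands end at the closing quote; for unquoted ones we assume the
    path ends at the first ".exe", which is how most entries are written.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command.split(" ")[0]


def flag_entries(entries):
    """Return a list of {name, exe, reason} for entries that autostart from user-writable dirs."""
    flagged = []
    for name, command in entries.items():
        exe = executable_path(command)
        if USER_WRITABLE_RE.search(exe):
            flagged.append({"name": name, "exe": exe,
                            "reason": "autostart from user-writable directory"})
    return flagged


def read_run_keys():
    """Read real Run-key values on Windows; elsewhere return the constructed sample."""
    if sys.platform != "win32":
        return dict(SAMPLE_ENTRIES)
    import winreg  # standard library, Windows only
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = {}
    for hive, path in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive], path)
        except OSError:
            continue  # key absent or not readable; move on
        with key:
            index = 0
            while True:
                try:
                    name, value, _type = winreg.EnumValue(key, index)
                except OSError:
                    break  # no more values
                entries[f"{hive}\\{path}\\{name}"] = str(value)
                index += 1
    return entries


if __name__ == "__main__":
    for hit in flag_entries(read_run_keys()):
        print(f"{hit['name']}: {hit['exe']} ({hit['reason']})")
```

Treat the output as a triage list rather than a verdict: the next step for each flagged binary is to check its Authenticode signature and hash the file for a lookup, since legitimate per-user installers also autostart from AppData. In the constructed sample the "WindowsUpdate" entry pointing at an Edge-named binary under a user profile is the kind of thing a stealer would leave behind, while the Discord entry is what a normal Discord install looks like.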

Exela Stealer then targets Chromium-based web browsers installed on the victim's computer, such as Chrome, Edge, Brave, Opera, and Vivaldi. From them it steals not only credentials but also credit card information, cookies, and other browser data; it also records keystrokes and takes screenshots of the system. Beyond the browser, Exela Stealer collects session data for Instagram, X, TikTok, Reddit, and other social media platforms, along with Steam and Roblox data.

All stolen data is sent back to the hackers behind Exela Stealer to be used for fraud and identity theft.

There are several measures you can take to protect yourself from Windows malware, but the most important is to exercise extreme caution when visiting unfamiliar websites or downloading new software.

You want to be aware of serious red flags, such as misspellings and grammatical errors, that indicate the site you are visiting is actually a phishing page. Likewise, we recommend that you download new software for your PC from a reputable source, such as the Microsoft Store, or directly from the company that makes it. Piracy not only hurts developers but also increases your chances of being infected with malware if you try to illegally download games or software.

These steps will help you avoid encountering Windows malware in the first place, but to keep your PC protected you also need to run good antivirus software. Microsoft Defender works well enough if you are on a budget, but it cannot match the features and regular updates of paid antivirus software.

Currently, Exela Stealer is distributed through phishing pages and websites offering free software downloads. Given the functionality of this malware, however, it is worth keeping an eye on, as the cybercriminals behind it may devise new distribution methods in the future.
