OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month

Researchers say the OnyxC2 malware targets more than 200 applications and extensions while evading detection through encrypted payloads, DLL sideloading, and in-memory execution techniques. The post OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month appeared first on SecurityWeek .

According to researchers, the OnyxC2 stealer is a Malware-as-a-Service tool sold for $250 per month that enables extensive credential and data theft from over 210 applications, including browsers, password managers, 2FA extensions, cryptocurrency wallets, email, VPN, and remote access tools.[1][2] It uses enterprise-grade tradecraft such as encrypted payloads, DLL sideloading with a fake NVIDIA DLL, LSASS dumping, in-memory execution, Tor tunneling, and remote access features (HVNC, keylogging, reverse shell) to evade detection and maintain persistent access to compromised systems.[1][2] From a CyberSE.AI perspective, this dramatically lowers the barrier for less-skilled actors to achieve continuous compromise of endpoints that may also be used to access or administer AI systems, expanding the attack surface for AI-powered environments. Security teams should assume commodity MaaS tooling like OnyxC2 can be present on developer and operator workstations, and use Continuous AI Red Teaming and AI CISO Advisory to test how well their AI estate withstands account takeover, session hijacking, and data theft originating from compromised endpoints.