
Cheap OnyxC2 service puts enterprise-grade data theft within easy reach

Researchers at BlackFog have detailed OnyxC2, a new malware-as-a-service sold on cybercrime forums that packages professional-grade data theft for as little as $250 a month. A $500 premium tier adds hidden-desktop control, and a $6,000 buyout option is also offered. It ships with a polished control panel and ready-made lures disguised as FinePrint, Windows Settings, a fake Windows update, and a game installer. Its payloads slipped past VirusTotal scanning when first uploaded and were still undetected weeks later, and builds use AES-256 encryption. The low price and turnkey design lower the barrier for less-skilled criminals to run capable infostealing campaigns.

Check
Watch endpoints for execution of lure-style installers impersonating FinePrint, Windows Settings, or Windows updates from untrusted sources, and hunt for unexplained outbound data transfers and hidden-desktop activity.
Affected
Organizations whose staff can be tricked into running disguised installers; the low cost and bundled lures widen the pool of attackers able to deploy capable infostealers.
Fix
Restrict software installation to approved sources, enforce application allow-listing and EDR with behavioral detection, train staff on disguised-installer lures, and monitor for and block anomalous data exfiltration.
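
The endpoint check above can be prototyped as a hunting rule over process-creation telemetry. The following is an added example, not code from BlackFog or the article: the event fields (`image`, `description`, `signed_valid`), the user-writable path list and the sample events are constructed assumptions, and the match is a brand-impersonation heuristic, not an OnyxC2 signature.

```python
import re

# Brands the article says the bundled lures imitate. The game-installer lure
# is too generic to match by name, so it is left out of this heuristic.
LURE_BRANDS = {
    "FinePrint": re.compile(r"fine\s*print", re.I),
    "Windows Settings": re.compile(r"windows\s*settings|systemsettings", re.I),
    "Windows update": re.compile(r"windows\s*update", re.I),
}
# Assumption: per-user, writable locations where downloaded files usually land.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(downloads|desktop|appdata)\\", re.I)

def claimed_brand(event):
    """Return the lure brand a process claims to be (file name or description)."""
    name = event["image"].rsplit("\\", 1)[-1]
    text = name + " " + event.get("description", "")
    for brand, pattern in LURE_BRANDS.items():
        if pattern.search(text):
            return brand
    return None

def triage(event):
    """Flag a brand-claiming process that runs from a user-writable path or
    lacks a valid signature; return (brand, reasons) or None."""
    brand = claimed_brand(event)
    if brand is None:
        return None
    reasons = []
    if USER_WRITABLE.search(event["image"]):
        reasons.append("runs from user-writable path")
    if not event.get("signed_valid", False):
        reasons.append("no valid signature")
    return (brand, reasons) if reasons else None

def hunt(events):
    """Return (image, brand, reasons) for every event that triage flags."""
    return [(e["image"], *hit) for e in events if (hit := triage(e))]

# Constructed sample events in a hypothetical normalized schema.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\alice\Downloads\FinePrint_Setup.exe",
     "description": "FinePrint Installer", "signed_valid": False},
    {"image": r"C:\Windows\ImmersiveControlPanel\SystemSettings.exe",
     "description": "Settings", "signed_valid": True},
    {"image": r"C:\Users\bob\AppData\Local\Temp\WindowsUpdate-KB.exe",
     "description": "Windows Update Assistant", "signed_valid": False},
    {"image": r"C:\Program Files\7-Zip\7z.exe",
     "description": "7-Zip Console", "signed_valid": True},
]

if __name__ == "__main__":
    for image, brand, reasons in hunt(SAMPLE_EVENTS):
        print(f"{image}: claims {brand}; {', '.join(reasons)}")
```

Hits are leads for review, not verdicts: legitimate installers are also run from download folders, so pair the rule with the allow-listing and signature policy named under Fix.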