

Ethical Hacking News

OnyxC2 Malware-as-a-Service: A Sophisticated Threat to Enterprise Security




A new MaaS offering has been discovered that provides enterprise-grade data theft capabilities, making it an attractive option for threat actors. OnyxC2 targets over 210 applications and uses DLL sideloading and encrypted payloads to evade detection. Its persistent access capabilities let it keep collecting credentials and sensitive information after just a single phishing click.



  • OnyxC2 is a relatively new MaaS solution with enterprise-grade data theft capabilities.
  • The service offers three tiers, including a standard build priced at $250/month and an outright source code purchase option for $6,000.
  • The malware uses DLL sideloading and encrypted payloads to evade detection by antivirus engines.
  • OnyxC2 can deliver persistent access to compromised workstations, allowing continued data collection even after a system is cleaned or reset.
  • The threat actors behind OnyxC2 have demonstrated sophisticated evasion techniques and offer ready-made lure installers to help bypass security defenses.
  • The impact of this malware can be severe, with potential consequences for organizations relying on cloud-based services or using public Wi-Fi networks.



    OnyxC2 is a relatively new malware-as-a-service (MaaS) solution that has been making waves in the cybersecurity community. This MaaS offers enterprise-grade data theft capabilities, making it an attractive option for threat actors looking to breach corporate networks and steal sensitive information.

    According to reports, OnyxC2 is sold as a subscription-based service with three different tiers: a standard build priced at $250 per month, a premium tier that includes additional features like HVNC (Hidden Virtual Network Computing) for $500 per month, and an outright source code purchase option for $6,000. This MaaS solution targets over 210 applications, including Chromium-based browsers, Gecko-based browsers, and various types of extensions.

    The malware is designed to use DLL sideloading and encrypted payloads to evade detection by antivirus engines. It also includes remote access features that allow operators to maintain control over infected systems after just a single phishing click. The delivery mechanism involves a legitimate application carrying a valid Authenticode signature, which scores zero detections across 71 antivirus engines on VirusTotal.
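
    One way a defender could hunt for the delivery pattern described above (a validly signed host application loading a planted DLL), as an added example that is not from the original article. The record fields follow Sysmon Event ID 7 (image load); `HostSigned` is a hypothetical enrichment field for the host executable's own signature state, and all paths and sample records are constructed.

```python
import ntpath

# Locations a standard user can write to, where a lure installer can unpack
# a signed host executable next to a planted DLL.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)

def find_sideload_candidates(events):
    """Return (host_exe, dll) pairs where a validly signed executable loads an
    unsigned or invalidly signed DLL from its own user-writable directory."""
    hits = []
    for ev in events:
        exe, dll = ev["Image"], ev["ImageLoaded"]
        if not dll.lower().endswith(".dll"):
            continue  # skip the process's own image and non-DLL modules
        same_dir = ntpath.dirname(exe).lower() == ntpath.dirname(dll).lower()
        dll_trusted = ev["Signed"] == "true" and ev["SignatureStatus"] == "Valid"
        # HostSigned: hypothetical field, assumed to be added by enrichment.
        if ev["HostSigned"] and same_dir and is_user_writable(dll) and not dll_trusted:
            hits.append((exe, dll))
    return hits

# Constructed sample records (not taken from the article or a real incident).
LURE = r"C:\Users\alice\AppData\Local\Temp\WinUpdate\updater.exe"
APP = r"C:\Program Files\Vendor\app.exe"
PERUSER = r"C:\Users\alice\AppData\Local\Chat\chat.exe"
SAMPLE_EVENTS = [
    # Signed host, unsigned DLL beside it in a temp directory: flagged.
    {"Image": LURE, "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\WinUpdate\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable", "HostSigned": True},
    # Same host loading a signed system DLL: ignored.
    {"Image": LURE, "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid", "HostSigned": True},
    # Unsigned DLL, but in an admin-only install directory: ignored.
    {"Image": APP, "ImageLoaded": r"C:\Program Files\Vendor\plugin.dll",
     "Signed": "false", "SignatureStatus": "Unavailable", "HostSigned": True},
    # Per-user install whose DLL carries a valid signature: ignored.
    {"Image": PERUSER, "ImageLoaded": r"C:\Users\alice\AppData\Local\Chat\core.dll",
     "Signed": "true", "SignatureStatus": "Valid", "HostSigned": True},
]

if __name__ == "__main__":
    for exe, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"possible sideload: {exe} -> {dll}")
```

    A rule like this keys on load behaviour rather than on the host file's reputation, which matters when the signed host itself scores zero detections.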

    One of the most concerning aspects of OnyxC2 is its ability to deliver persistent access to compromised workstations. This means that even if an infected system is cleaned or reset, the malware can continue to collect credentials and sensitive information without the need for further exploitation.

    The developers behind OnyxC2 have demonstrated a high level of sophistication in their approach to evasion and persistence. They offer ready-made lure installers, including fake Windows updates and gaming-themed applications, which are designed to help buyers get past security defenses and establish a foothold on infected systems.

    The impact of this malware cannot be overstated. With OnyxC2, threat actors can gain access to sensitive information, including passwords, cookies, and other authentication tokens. This can have serious consequences for organizations that rely heavily on cloud-based services or have employees who use public Wi-Fi networks to access company resources.

    In light of these findings, it is essential for organizations to take proactive steps to protect themselves against OnyxC2 and similar threats. This includes implementing robust security measures, such as multi-factor authentication, secure password management, and regular software updates. Additionally, businesses should consider investing in endpoint protection solutions that can detect and mitigate MaaS-based attacks.

    In conclusion, OnyxC2 represents a significant threat to enterprise security, with its sophisticated evasion techniques and persistent access capabilities making it an attractive option for threat actors looking to breach corporate networks and steal sensitive information. As such, it is crucial for organizations to stay vigilant and take proactive steps to protect themselves against this type of malware.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/OnyxC2-Malware-as-a-Service-A-Sophisticated-Threat-to-Enterprise-Security-ehn.shtml

  • https://securityaffairs.com/193523/malware/onyxc2-malware-as-a-service-offers-enterprise-grade-data-theft.html


  • Published: Thu Jun 11 10:38:59 2026 by llama3.2 3B Q4_K_M












