DarkCloud: $30 Visual Basic Infostealer Targets Businesses
Researchers have uncovered DarkCloud, a low-cost infostealer written in Visual Basic that harvests credentials from browsers, email clients and enterprise apps. Its affordability and simple codebase make it a realistic threat for small and mid-sized organizations.
Security researchers have identified a new information‑stealing malware family dubbed DarkCloud, notable for two striking traits: it’s written in Visual Basic (VB6) and it’s being marketed for roughly $30. Despite its low price and relatively old development language, DarkCloud is capable of harvesting credentials from web browsers, email clients and a range of enterprise applications.
Analysts say the malware’s capabilities include scraping saved passwords, session tokens and desktop client credentials, enabling attackers to pivot into business environments. DarkCloud’s use of VB6 is unusual in modern threats, but that doesn’t reduce its impact; the codebase is simple to modify and deploy, making it attractive to less skilled operators and commodity crime gangs.
Because DarkCloud is inexpensive and easy to run, it lowers the barrier to entry for cybercrime. Small organizations and individual employees who reuse passwords or fail to enable multi‑factor authentication (MFA) are especially at risk. Researchers warn that compromised credentials can lead to account takeover, data exfiltration and lateral movement inside corporate networks.
Detection can be challenging because Visual Basic binaries may evade some heuristics aimed at more common languages and frameworks. Still, defenders can reduce risk: enforce MFA, implement password hygiene policies, limit credential storage in browsers and clients, and deploy endpoint detection tools tuned to credential‑harvesting behaviors. Regular patching and least‑privilege access controls also help limit post‑compromise damage.
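One way to express a detection tuned to credential-harvesting behavior is sketched below as an added example; it is not from the researchers' report and is not derived from DarkCloud samples. It assumes file-access telemetry with hypothetical `host`, `image` and `target` fields, default browser install paths, and constructed sample events.

```python
import re

# Browser credential stores and the image paths expected to open them.
# Install paths are assumptions for this example; adjust them per environment.
CREDENTIAL_STORES = [
    (re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\(Login Data|Network\\Cookies)$", re.I),
     {r"c:\program files\google\chrome\application\chrome.exe"}),
    (re.compile(r"\\Microsoft\\Edge\\User Data\\[^\\]+\\(Login Data|Network\\Cookies)$", re.I),
     {r"c:\program files (x86)\microsoft\edge\application\msedge.exe"}),
    (re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I),
     {r"c:\program files\mozilla firefox\firefox.exe"}),
]

PROFILE = r"C:\Users\ana\AppData"
# Constructed file-access events (host, opening process image, file opened).
SAMPLE_EVENTS = [
    {"host": "ws-014", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": PROFILE + r"\Local\Google\Chrome\User Data\Default\Login Data"},
    {"host": "ws-014", "image": PROFILE + r"\Local\Temp\invoice.exe",
     "target": PROFILE + r"\Local\Google\Chrome\User Data\Default\Login Data"},
    {"host": "ws-014", "image": PROFILE + r"\Local\Temp\invoice.exe",
     "target": PROFILE + r"\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"},
    {"host": "ws-014", "image": r"C:\Program Files\BackupAgent\agent.exe",
     "target": PROFILE + r"\Local\Microsoft\Edge\User Data\Default\Login Data"},
]

def find_suspicious_reads(events, min_stores=2):
    """Map (host, image) to the credential stores it opened without owning them.

    Comparing the full image path, not just the file name, means a binary
    named chrome.exe outside the install directory is still reported.
    """
    hits = {}
    for ev in events:
        image = ev["image"].lower()
        for pattern, owners in CREDENTIAL_STORES:
            if pattern.search(ev["target"]) and image not in owners:
                hits.setdefault((ev["host"], ev["image"]), set()).add(ev["target"])
    # One store can be a backup or sync agent; several distinct stores from one
    # process is the pattern a credential harvester produces.
    return {key: sorted(paths) for key, paths in hits.items() if len(paths) >= min_stores}

if __name__ == "__main__":
    for (host, image), paths in find_suspicious_reads(SAMPLE_EVENTS).items():
        print(host, image, paths)
```

Lowering `min_stores` to 1 surfaces single-store readers such as the backup agent, which is useful for building an allowlist before alerting on the default threshold.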
For readers managing IT or security, DarkCloud is a reminder that threat actors don’t need exotic toolkits to cause real harm. Affordable, easy‑to‑use malware can produce costly breaches when combined with weak authentication and legacy configurations.