This new malware has emerged from the dark web and is after your data


Researchers have warned that a new information-stealing malware is being advertised on the dark web, where its author is looking for paying customers for the service and, through them, for victims.

SEKOIA cybersecurity researchers found multiple advertisements on several underground forums and Telegram channels promoting a new information stealer called Stealc.

Stealc was apparently not written from scratch but borrows from other, more established information stealers such as Vidar, Raccoon, Mars and RedLine. It was first noticed in January XNUMX and gained traction the following month.

Weekly updates

Stealc was built and advertised by a threat actor using the handle "Plymouth". It is currently on version thirteen and appears to receive new tweaks and updates at least once a week.

Recently added features include a randomized C2 URL generator and an improved system for searching and sorting stolen records. Stealc was also seen excluding Ukrainian victims.

After further examination of a sample of the information stealer, SEKOIA found that it is written in C, abuses Windows API functions, relies on legitimate third-party DLL files for some of its functionality, is lightweight (only 4KB), obfuscates most of its strings with RC4 and base64, and exfiltrates stolen data automatically (no action is required from the threat actor).
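To make the string-obfuscation claim concrete, here is an added example (not Stealc code and not SEKOIA's tooling) of how an analyst typically handles an RC4 plus base64 string table: the key, the sample strings and the layering order (RC4 first, then base64, so the blob is printable) are assumptions for illustration, since the article states only that both are used. The point for a defender is that the key must ship inside the binary, so once it is recovered every obfuscated string can be swept through the same decoder.

```python
import base64
import binascii

# Assumed demo key and constructed sample strings; a real sample carries its own key.
DEMO_KEY = b"assumed-demo-key"
SAMPLE_STRINGS = [
    "https://example.invalid/gate.php",   # constructed C2 URL
    "sqlite3.dll",                        # name of a legitimate helper DLL
    "\\Login Data",                       # browser credential store path
]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling + keystream generation).

    RC4 is a stream cipher XORed over the data, so the same call both
    encrypts and decrypts.
    """
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def obfuscate(key: bytes, plaintext: str) -> str:
    """RC4-encrypt, then base64-encode so the blob can live in a string table."""
    return base64.b64encode(rc4(key, plaintext.encode("utf-8"))).decode("ascii")


def deobfuscate(key: bytes, blob: str) -> str:
    """Reverse both layers: strict base64 decode, then RC4 with the same key."""
    return rc4(key, base64.b64decode(blob, validate=True)).decode("utf-8")


def looks_like_text(s: str) -> bool:
    """Cheap filter that separates real strings from wrong-key noise."""
    return len(s) > 0 and all(c.isprintable() for c in s)


def recover_strings(key: bytes, candidates) -> list:
    """Run every candidate blob through the decoder and keep the ones that
    yield printable text. Candidates that are not valid base64 and blobs
    that do not decode cleanly are dropped, which is what you want when
    sweeping every string extracted from a binary."""
    recovered = []
    for blob in candidates:
        try:
            plain = deobfuscate(key, blob)
        except (binascii.Error, ValueError, UnicodeDecodeError):
            continue
        if looks_like_text(plain):
            recovered.append(plain)
    return recovered


# Constructed obfuscated string table, built with the assumed key.
SAMPLE_BLOBS = [obfuscate(DEMO_KEY, s) for s in SAMPLE_STRINGS]

if __name__ == "__main__":
    for blob, plain in zip(SAMPLE_BLOBS, recover_strings(DEMO_KEY, SAMPLE_BLOBS)):
        print(f"{blob} -> {plain!r}")
```

The strict `validate=True` on the base64 step matters in practice: without it, Python silently discards non-alphabet characters and ordinary binary strings would "decode" into garbage that then has to be filtered out downstream.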

SEKOIA also found that Stealc was able to steal data from XNUMX web browsers, XNUMX browser plug-ins, and XNUMX desktop cryptocurrency wallets.

In addition to advertising it on the dark web, Plymouth was also busy distributing it to target devices. One of the delivery methods is fake YouTube tutorials on how to crack software, with a link in the video description that delivers the information stealer instead of the advertised crack.

So far, more than forty C2 servers have been discovered, leading the researchers to conclude that Stealc is growing in popularity. They speculate that this is because customers with access to the admin panel can generate new stealer samples themselves, extending the malware's reach.

SEKOIA expects Stealc to become very popular, since it can also be adopted by low-skilled attackers.

Via: BleepingComputer