A new information stealer known as Stealc that is being marketed on the dark web may emerge as a worthy competitor to other malware of its ilk.
“The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars, and RedLine stealers,” SEKOIA said in a Monday report.
The French cybersecurity company said it discovered more than 40 Stealc samples distributed in the wild and 35 active command-and-control (C2) servers, suggesting that the malware is already gaining traction among criminal groups.
Stealc, first advertised by an actor named Plymouth on the XSS and BHF Russian-speaking underground forums on January 9, 2023, is written in C and comes with capabilities to steal data from web browsers, crypto wallets, email clients, and messaging apps.
The malware-as-a-service (MaaS) also boasts a “customizable” file grabber that allows its customers to tailor the module to siphon files of interest. It further implements loader capabilities to deploy additional payloads.
SEKOIA assessed with “high confidence that its alleged developer quickly established itself as a reliable threat actor, and its malware gained the trust of cybercriminals dealing with infostealers.”
Among the distribution vectors used to deliver Stealc are YouTube videos posted from compromised accounts that link to a website peddling cracked software (“rcc-software[.]com”).
This also indicates that users searching YouTube for ways to install pirated software are a target, mirroring the same tactic adopted by another infostealer dubbed Aurora.
“Since customers of the Stealc MaaS own a build of its administration panel to host the stealer C2 server and generate stealer samples themselves, it’s likely that the build will leak into the underground communities in the medium term,” the company added.
According to antivirus vendor Avast, FormBook, Agent Tesla, RedLine, LokiBot, Raccoon, Snake Keylogger, and Arkei (along with its fork Vidar) accounted for the most prevalent stealer malware strains during Q4 2022.