Shulou(Shulou.com)11/24 Report--

CTOnews.com, February 23, SEKOIA, a cyber threat intelligence company, pointed out in its latest report that in January this year, a new information theft program called Stealc was found on the dark Internet, which is similar to similar malware such as Vidar, Raccoon, Mars and Redline, but more powerful.

A user named "Plymouth" touted Stealc on hacker forums, saying it had extensive data theft capabilities and an easy-to-use management panel.

In addition to stealing web browser data, extensions, and cryptocurrency wallets, Stealc can also customize file crawlers to steal any type of file content according to the needs of an attacker.

The seller has also set up a Telegram channel to post a new version of Stealc update log, the latest version of which is v1.3.0 released on February 11, 2023. The malware is under active development and a new version appears on the channel every week.

Plymouth said in the post that Stealc was not developed from scratch, but was optimized based on Vidar, Raccoon, Mars and Redline stealers.

Researchers have found more than 40 C2 servers hacked by Stealc, and dozens of samples indicate that attackers have begun to attack. This shows that this new malware has aroused the interest of cyber criminal groups.

The main features of Stealc attached to CTOnews.com are as follows:

Volume only 80KB, lightweight build

Use a legitimate third-party DLL

Writing and abusing Windows API functions in C language

Most strings are confused with RC4 and base64

The malware will automatically steal data

Attacks have been launched on 22 web browsers, 75 plug-ins and 25 desktop wallets

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.