A new data stealer advertised as “Stealc” has been discovered by Sekoia researchers.
Writing in an advisory published by the firm on Monday, the firm’s Threat & Detection Research Team said the malware’s alleged developer “Plymouth” advertised it on dark web forums in January.
“The threat actor offers Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars and Redline stealers,” reads the technical write-up. “This information indicates that this newcomer could be a serious competitor to the popular, widespread malware families mentioned above.”
The Sekoia team then observed the new malware family in the wild in early February, including dozens of Stealc samples and more than 40 Stealc command and control (C2) servers.
“Unlike other stealers [we] analyzed, the data collection configuration can be customized to tailor the malware to the customer’s needs,” Sekoia wrote. “Stealc also implements a customizable file grabber [alongside] loader capabilities that would normally be expected for an info stealer sold as Malware-as-a-Service (MaaS).”
Thanks to these capabilities, Sekoia said it believes that Stealc variants will leak into the underground communities fairly soon.
“[We] assess the Plymouth business probably will not be viable over several years, as the Vidar or Raccoon projects are,” reads the advisory. “However, it is possible that a cracked version of the Stealc build may be released in the future, which may be used for many years to come.”
This, the researchers wrote, is due to the fact that many threat actors might add the malware to their toolkit while it is poorly monitored. Sekoia added that, at the time of writing, Stealc is particularly popular among Russian-speaking cyber-criminals.
A list of targeted web browsers, browser extensions and desktop cryptocurrency wallets, together with details about Stealc’s infection chain, is available in the Sekoia advisory.
“Companies facing stealer compromise need to be aware of this malware,” the company concluded.
Sekoia’s latest research comes months after Vidar returned to Check Point’s top 10 Most Wanted Malware list.