This new malware has emerged from the dark web and is after your data


Experts have warned that a new information-stealing malware has been observed circulating on the dark web, where its operator is looking to attract new customers and victims alike.

Cybersecurity researchers from SEKOIA came across multiple ads on different underground forums and Telegram groups promoting a new infostealer called Stealc.

Apparently, Stealc is not built from scratch but is rather an upgrade built on other, more popular infostealers such as Vidar, Raccoon, Mars, and RedLine Stealer. It was first spotted in January 2023 and gained more traction the following month.

Weekly updates

Stealc was built, and is being advertised, by a threat actor going by the name “Plymouth”. It is currently at version 1.3.0, and it seems to be getting new tweaks and upgrades at least once a week. 

Some of the newly added features include a C2 URL randomizer and an improved log searching and sorting system. Stealc was also seen sparing people in Ukraine.

After further analyzing a sample of the infostealer, SEKOIA found that it uses legitimate third-party DLLs, that it is written in C and abuses Windows API functions, that it is lightweight (only 80KB), that it obfuscates most of its strings with RC4 and base64, and that it exfiltrates stolen files automatically (requiring no action from the threat actor).
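As an added illustration of the string obfuscation described above (not code from SEKOIA's analysis or from the malware itself), this Python helper shows how an analyst would reverse a base64-over-RC4 layer once the key has been recovered from a sample. The key and the sample strings are constructed placeholders, and the assumption that RC4 is applied before base64 (so the stored blob is printable) is mine.

```python
import base64

# Constructed sample values for this demonstration (not from the SEKOIA report).
SAMPLE_KEY = b"example-key"  # placeholder; a real sample carries its own key
SAMPLE_STRINGS = ["kernel32.dll", "Login Data", "wallet.dat"]


def rc4_keystream(key: bytes):
    """Yield RC4 keystream bytes for key (key scheduling, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is a stream cipher, so one call both encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))

def obfuscate(key: bytes, text: str) -> str:
    """Assumed layering: RC4 first, then base64 so the blob is printable."""
    return base64.b64encode(rc4(key, text.encode())).decode("ascii")

def deobfuscate(key: bytes, blob: str) -> str:
    """Undo the layering: strict base64 decode, then RC4 with the key."""
    raw = base64.b64decode(blob, validate=True)
    return rc4(key, raw).decode("utf-8", errors="replace")

def recover_strings(key: bytes, blobs: list) -> list:
    """Decode each blob; entries that are not valid base64 become None."""
    recovered = []
    for blob in blobs:
        try:
            recovered.append(deobfuscate(key, blob))
        except ValueError:  # binascii.Error is a ValueError subclass
            recovered.append(None)
    return recovered

if __name__ == "__main__":
    blobs = [obfuscate(SAMPLE_KEY, s) for s in SAMPLE_STRINGS]
    for blob, plain in zip(blobs, recover_strings(SAMPLE_KEY, blobs)):
        print(f"{blob:<24} -> {plain}")
```

Pointing recover_strings at blobs pulled from a sample's data section gives the plaintext DLL names, browser file names and wallet paths that make useful detection content.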

SEKOIA has also found Stealc to be able to steal data from 22 web browsers, 75 plugins, and 25 desktop wallets. 

Besides advertising it on the dark web, Plymouth was also busy deploying it to target endpoints. One method is creating fake YouTube tutorials on how to crack software and providing a link in the description which, instead of the advertised crack, deploys the infostealer.

So far, more than 40 C2 servers have been discovered, leading the researchers to conclude that Stealc is growing quite popular. That popularity, they speculate, comes from the fact that criminals with access to the admin panel can easily generate new stealer samples, thus increasing its reach.

SEKOIA believes Stealc can become quite popular, as it can be adopted by low-skilled hackers as well.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
