    New Stealc malware provides a wide range of data theft capabilities

    The infostealer is being actively advertised by cybercriminals; it supports 23 browsers, 70 browser extensions and 15 cryptocurrency wallets.

    A new infostealer called Stealc is gaining traction on the darknet, thanks to aggressive promotion of its data-theft capabilities and its similarities to the Vidar, Raccoon, Mars and Redline stealers.

    Researchers at the threat-detection company SEKOIA first identified the new strain in January of this year; its activity peaked in February.

    Stealc was advertised on hacking forums by a Russian-speaking user under the handle "Plymouth", who described the program's broad data-theft capabilities and its easy-to-use administration panel.


    According to Plymouth, beyond the usual targeting of browser data, extensions and cryptocurrency wallets, Stealc can be configured to grab any file types an operator wants. The author openly stated that Stealc builds on the popular Vidar, Raccoon, Mars and Redline stealers. The program was also promoted in closed Telegram channels, where prospective buyers could try test samples before paying.

    The researchers noted one trait Stealc shares with Vidar, Raccoon, Mars and Redline: all of them load legitimate third-party DLLs (e.g. sqlite3.dll and nss3.dll) on the victim machine to read the browser data stores they steal from.

    SEKOIA found more than 40 active Stealc C2 servers and several dozen samples in the wild (ITW), indicating that the new malware has drawn considerable interest from the cybercriminal community.

    On execution, the malware deobfuscates its strings and runs anti-analysis checks to make sure it is not inside a virtual machine or sandbox. It then resolves the Windows API functions it needs at runtime and contacts the C2 server, sending the victim's hardware ID and the build name and receiving its configuration in response.

    Stealc then collects data from every targeted browser, extension and application, grabs the configured user files, and uploads everything to the C2 server. Once that is done, it deletes itself and the DLLs it dropped, to erase traces of the infection.
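    The chain above (contact C2, stage legitimate helper DLLs such as sqlite3.dll and nss3.dll, load them, upload, then delete the DLLs and the executable itself) is what a defender can key on, since the DLL names alone are not a signal: Firefox loads its own nss3.dll every day. The following is an added example of that behavioural triage, not code from SEKOIA or from the Stealc author. The event schema, the list of staging directories, the "three stages including a DLL load" threshold and every sample event are constructed for illustration; the 203.0.113.x and 198.51.100.x addresses are documentation ranges, not real C2 indicators.

```python
"""Behavioural triage of endpoint telemetry for a Stealc-like execution chain.

Added example; schema, staging-directory list, threshold and sample events
are all constructed. Only the DLL names and the order of operations
(C2 contact, drop/load helper DLLs, upload, delete DLLs and self) follow
the article.
"""
from collections import defaultdict
from dataclasses import dataclass

# Legitimate libraries the article says Stealc (like Vidar, Raccoon, Mars and
# Redline) brings along to read browser data stores.
HELPER_DLLS = {"sqlite3.dll", "nss3.dll"}

# User-writable staging locations (assumption; tune to your environment).
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\programdata\\", "\\users\\public\\")

# Stage labels reported per process.
S_DROP = "drops helper DLL into a staging directory"
S_LOAD = "loads helper DLL from a staging directory"
S_NET = "connects to a remote host while staging DLLs"
S_DEL_DLL = "deletes the dropped DLL"
S_DEL_SELF = "deletes its own executable"


@dataclass(frozen=True)
class Event:
    ts: int        # sequence number; any monotonic clock will do
    pid: int
    image: str     # full path of the process executable
    kind: str      # file_create | image_load | net_connect | file_delete
    target: str    # file path, or "ip:port" for net_connect


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _in_staging_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in STAGING_DIRS)


def triage(events):
    """Return {pid: {"image": str, "stages": [str, ...], "verdict": str}}.

    "stealer-like" requires an actual helper-DLL load from a staging directory
    plus at least three stages of the chain overall; a lone drop, or Firefox
    loading its own nss3.dll from Program Files, is not enough.
    """
    by_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_pid[ev.pid].append(ev)

    results = {}
    for pid, evs in by_pid.items():
        image = evs[0].image
        dropped, loaded = set(), set()
        connected = deleted_dll = deleted_self = False

        for ev in evs:
            name = _basename(ev.target)
            if ev.kind == "file_create" and name in HELPER_DLLS and _in_staging_dir(ev.target):
                dropped.add(name)
            elif ev.kind == "image_load" and name in HELPER_DLLS and _in_staging_dir(ev.target):
                loaded.add(name)
            elif ev.kind == "net_connect":
                connected = True
            elif ev.kind == "file_delete":
                if name in dropped:
                    deleted_dll = True
                elif ev.target.lower() == image.lower():
                    deleted_self = True

        stages = []
        if dropped:
            stages.append(S_DROP)
        if loaded:
            stages.append(S_LOAD)
        if connected and (dropped or loaded):   # ordinary network use alone is no signal
            stages.append(S_NET)
        if deleted_dll:
            stages.append(S_DEL_DLL)
        if deleted_self:
            stages.append(S_DEL_SELF)

        verdict = "stealer-like" if S_LOAD in stages and len(stages) >= 3 else "benign"
        results[pid] = {"image": image, "stages": stages, "verdict": verdict}
    return results


# Constructed sample telemetry (not real IOCs).
TEMP = "C:\\Users\\bob\\AppData\\Local\\Temp\\"
CRACK = "C:\\Users\\bob\\Downloads\\photoshop_crack.exe"
FIREFOX = "C:\\Program Files\\Mozilla Firefox\\firefox.exe"
SETUP = "C:\\Users\\bob\\Downloads\\tool_setup.exe"

SAMPLE_EVENTS = [
    # pid 4242: the full chain the article describes
    Event(1, 4242, CRACK, "net_connect", "203.0.113.7:80"),      # HWID + build name -> config
    Event(2, 4242, CRACK, "file_create", TEMP + "sqlite3.dll"),
    Event(3, 4242, CRACK, "file_create", TEMP + "nss3.dll"),
    Event(4, 4242, CRACK, "image_load", TEMP + "sqlite3.dll"),
    Event(5, 4242, CRACK, "image_load", TEMP + "nss3.dll"),
    Event(6, 4242, CRACK, "net_connect", "203.0.113.7:80"),      # upload of collected data
    Event(7, 4242, CRACK, "file_delete", TEMP + "sqlite3.dll"),
    Event(8, 4242, CRACK, "file_delete", TEMP + "nss3.dll"),
    Event(9, 4242, CRACK, "file_delete", CRACK),
    # pid 1001: Firefox legitimately loads its own nss3.dll and uses the network
    Event(10, 1001, FIREFOX, "image_load", "C:\\Program Files\\Mozilla Firefox\\nss3.dll"),
    Event(11, 1001, FIREFOX, "net_connect", "198.51.100.20:443"),
    # pid 3003: an installer that unpacks sqlite3.dll to %TEMP%, uses it, and stops there
    Event(12, 3003, SETUP, "file_create", TEMP + "sqlite3.dll"),
    Event(13, 3003, SETUP, "image_load", TEMP + "sqlite3.dll"),
]

if __name__ == "__main__":
    for pid, r in triage(SAMPLE_EVENTS).items():
        print(f"pid {pid} {r['verdict']:13} {r['image']}")
        for s in r["stages"]:
            print("    -", s)
```

    Running it flags only pid 4242 (all five stages), while Firefox and the installer come out benign. In production the events would come from Sysmon or an EDR and the staging-directory list and threshold would be tuned; the point the example makes is that the legitimate DLLs only become suspicious in combination with where they are loaded from and what the process does before and after.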

    One distribution method the researchers observed is phishing websites offering cracked software for download, with Stealc bundled into the download.

    SEKOIA also published a large set of indicators of compromise that security vendors can use to add detections for the malware.

    Given how the malware is distributed, users are advised to avoid pirated software and to download products only from official websites.

    Author DeepWeb