Recent observations on the dark web suggest that the new information-stealing malware “Stealc” is searching for both its next victim and its next client.
Cybersecurity researchers from SEKOIA recently found a threat actor going by the name “Plymouth” advertising the malware on several underground forums. The cybercriminal claims that Stealc is a fully functional, ready-to-use infostealer based on better-known infostealers such as Vidar, Raccoon, Mars, and Redline Stealer.
Stealc receives updates and modifications at least once per week. Its new features include a randomizer for the command and control (C&C) center URL and an enhanced mechanism for finding and sorting logs. Additionally, Ukrainian victims could be spared. Stealc also has the following characteristics:
Uses legitimate third-party DLLs
Written in C and abuses Windows API functions
Exfiltrates stolen data automatically
Targets 22 browsers, 75 plugins, and 25 desktop wallets
In addition to selling the malware on dark web forums, Plymouth is spreading it to multiple systems by making fictitious YouTube demonstrations on how to break software. The videos then take a gullible user to a download page where Stealc is installed.
Once installed, the malware runs anti-analysis checks to make sure it is not operating in a virtual environment or sandbox. It then communicates with the C&C center through the Windows API functions it has loaded and sends the victim’s hardware identifier and build name. The C&C center subsequently returns a set of instructions to the malware.
Stealc then begins gathering information from the targeted browsers, extensions, and applications. If its file grabber is running, it also collects files and exfiltrates all of them to the C&C server. After successfully stealing data, Stealc removes itself and the stolen DLL files from the victim’s computer to avoid being discovered.
According to SEKOIA, more than 40 C&C servers connected to Stealc have been found, suggesting that the malware has gained popularity among cybercriminals who distribute stealer malware.
Always keep your security software up to date and avoid downloading or installing software from dubious sources if you want to keep your PCs safe from viruses. Finally, avoid clicking links or attachments in unsolicited emails because they can be infected with malware.