Researchers Discover Dozens of Samples of Information Stealer ‘Stealc’ in the Wild

February 21, 2023 · Ravie Lakshmanan · Cyber threat intelligence


A new information stealer called Stealc, advertised on the dark web, may emerge as a strong competitor to other malware of its kind.

In a report on Monday, SEKOIA said: “Threat actors present Stealc as a fully-featured, ready-to-use stealer. Its development relied on Vidar, Raccoon, Mars, and RedLine stealers.”

The French cybersecurity firm says more than 40 Stealc samples were found in the wild along with 35 active command-and-control (C2) servers, suggesting that the malware is already gaining momentum among criminal groups.

Stealc, first sold by an actor named Plymouth on the Russian-speaking underground forums XSS and BHF on January 9, 2023, is written in C and is capable of stealing data from web browsers, crypto wallets, email clients, and messaging apps.

The malware-as-a-service (MaaS) offering also features a “customizable” file grabber, allowing buyers to tailor the module to siphon files of interest. Additionally, it implements a loader function that unpacks additional payloads.

“We are confident that the dubious developer has rapidly established itself as a credible threat actor and that its malware has earned the trust of cybercriminals dealing with infostealers,” said SEKOIA.


Among the vectors used to distribute Stealc are YouTube videos posted from compromised accounts that link to a website selling cracked software (“rcc-software[.]com”).

This indicates that it is targeting users searching YouTube for ways to install pirated software, mirroring the tactic employed by another infostealer called Aurora.

“Since Stealc MaaS customers own builds of the admin panel to host Stealer C2 servers and generate Stealer samples themselves, builds are likely to leak to the underground community in the medium term,” the company added.

According to antivirus vendor Avast, the most prevalent stealer malware families in Q4 2022 were Formbook, Agent Tesla, RedLine, Lokibot, Raccoon, Snake Keylogger, and Arkei (including its fork Vidar).
