A new information stealer advertised as ‘Stealc’ has been spotted by Sekoia researchers.
In an advisory issued on Monday, the company’s threat and detection research team said the alleged malware developer “Plymouth” promoted it on a dark web forum in January.
“Threat actors present Stealc as a fully featured, out-of-the-box stealer [drawing on] Vidar, Raccoon, Mars and RedLine,” Sekoia wrote. “This information suggests that this newcomer could be a serious competitor to the aforementioned widespread and popular malware families.”
Then, in early February, the Sekoia team observed the new malware family in the wild, with dozens of Stealc samples and over 40 Stealc command-and-control (C2) servers.
“Compared to other stealers, [the] data collection configuration can be customized to tailor the malware to customers’ needs,” wrote Sekoia. “Stealc also implements a customizable file grabber, [alongside] the loader functionality typically expected from information stealers sold as Malware-as-a-Service (MaaS).”
Because of these features, Sekoia says it believes a variant of Stealc will leak into the underground community fairly soon.
“[We] assess that the Plymouth business, like the Vidar and Raccoon projects, could be viable for several years,” reads the advisory.
This is because multiple threat actors can add the malware to their toolkits while being poorly monitored. Sekoia added that Stealc is particularly popular among Russian-speaking cybercriminals at the time of writing.
A list of targeted web browsers, browser extensions and desktop cryptocurrency wallets, as well as details about Stealc’s infection chain, can be found in Sekoia’s advisory.
“Businesses facing a compromise by a stealer should be aware of this malware,” the company concludes.
Sekoia’s latest study comes weeks after Vidar returned to Check Point’s Top 10 Most Wanted Malware list.