The malware, which originates on dark web forums, is found to communicate in Russian and targets web browsers, crypto wallets, email clients, and messaging apps.
According to a French cybersecurity company, 40 different Stealc samples have been distributed in the wild, communicating with command-and-control (C2) servers.
According to Sekoia, Stealc's code base combines functionality from the Vidar, Raccoon, Mars, and RedLine stealers.
What is the lineage behind Stealc?
Stealc is new but is based on earlier malware. According to Russian experts, it is a copycat of Vidar and Raccoon. Vidar is malware that collects data such as usernames, passwords, and credit card information, and it is considered a deadly threat because it can self-update.
Raccoon has the same purpose. It infects systems through malicious emails, software downloads, or by exploiting vulnerabilities in software and web applications.
The same is true of Mars and RedLine; they are designed to steal personal information and can upgrade themselves without being easily detected.
Beware of Stealc
Stealc's distribution vectors are YouTube videos and the links attached to them. The way users are lured is the same as that of another stealer called Aurora.
“These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency wallets or remote access tools, and the 911 method using YouTube videos and SEO-poisoned fake cracked software download websites,” said cybersecurity firm SEKOIA.
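One way a defender can screen downloads against the impersonated-download-page vector described above, as an added example that is not part of the original article or of SEKOIA's reporting: it flags lookalike download hosts (typosquats and brand names embedded in unrelated domains) and verifies a vendor-published SHA-256 checksum. The domains, URLs and file bytes are constructed placeholders, and the two-label registrable-domain shortcut is an assumption; a production tool would consult a public-suffix list.

```python
"""Defender-side checks for software downloads.

All domains, URLs and file contents below are constructed examples,
not indicators from any report.
"""
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed allowlist: the registrable domains a vendor actually publishes from.
TRUSTED_DOWNLOAD_DOMAINS = {"example-wallet.com", "example-remote.net"}


def registrable_domain(host: str) -> str:
    """Reduce 'cdn.downloads.example-wallet.com' to 'example-wallet.com'.

    Assumption: ordinary two-label public suffixes. A real deployment
    would use a public-suffix list to handle e.g. '.co.uk'.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_download_host(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host in a download URL.

    'lookalike' covers two impersonation patterns seen on fake download pages:
    a registrable domain within edit distance 2 of a trusted one, and a trusted
    brand name embedded in an unrelated domain or subdomain
    (e.g. example-wallet.com.downloads-free.xyz).
    """
    host = urlparse(url).hostname or ""
    rd = registrable_domain(host)
    if rd in TRUSTED_DOWNLOAD_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOWNLOAD_DOMAINS:
        brand = trusted.split(".")[0]
        if levenshtein(rd, trusted) <= 2 or brand in host:
            return "lookalike"
    return "unknown"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a downloaded file."""
    return hashlib.sha256(data).hexdigest()


def verify_sha256(data: bytes, published_hex: str) -> bool:
    """Compare a downloaded file against the checksum the vendor publishes
    on its own site. Constant-time comparison avoids leaking match prefix."""
    return hmac.compare_digest(sha256_hex(data), published_hex.lower())


if __name__ == "__main__":
    for u in ("https://downloads.example-wallet.com/setup.exe",
              "https://examp1e-wallet.com/setup.exe",
              "http://example-wallet.com.downloads-free.xyz/setup.exe"):
        print(classify_download_host(u), u)
```

The host check runs before anything is executed, so a page that merely looks like the vendor's download page still fails closed; the checksum check then catches a trojanised installer served from a compromised mirror.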
According to Avast, Raccoon, Vidar, RedLine, Lokibot, and many other stealer malware families will be prevalent in 2022.
What is Stealc capable of?
A user called “Plymouth” advertised Stealc, presenting the malware as a threat with extensive data-stealing capabilities and an easy-to-use administration panel.
In addition to stealing personal information, Stealc is said to include a file grabber, meaning it can collect any file it wishes.
Plymouth advertised the malware on many forums; because it is easy to generate more Stealc samples, this would spread the malware broadly.
According to Sekoia, once the malware enters a system, it communicates with its central server and receives directions. Sekoia has also published a detailed list of URLs across different sectors where Stealc is most prevalent, and decryption techniques have been shared to help users stay safe.
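The check-in behaviour described above, where the malware contacts its central server for directions, is what egress logs can reveal. The following is an added example of generic beaconing detection over constructed proxy log lines; it is not Sekoia's tooling and not a Stealc signature. The log format, timestamps, client IP, the placeholder host `c2-placeholder.invalid` and the jitter threshold are all assumptions.

```python
"""Beaconing detector over constructed proxy log lines.

Regular, long-lived check-ins to one destination are characteristic of C2
traffic. Every value below is constructed; no real indicators are used.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "<ISO timestamp> <client ip> <destination host> <bytes sent>"
SAMPLE_LOG = """\
2023-02-20T10:00:00 10.0.0.5 c2-placeholder.invalid 512
2023-02-20T10:00:03 10.0.0.5 news.example.org 1800
2023-02-20T10:05:01 10.0.0.5 c2-placeholder.invalid 520
2023-02-20T10:07:44 10.0.0.5 cdn.example.org 40000
2023-02-20T10:10:02 10.0.0.5 c2-placeholder.invalid 515
2023-02-20T10:15:00 10.0.0.5 c2-placeholder.invalid 530
2023-02-20T10:19:58 10.0.0.5 c2-placeholder.invalid 510
2023-02-20T10:21:13 10.0.0.5 mail.example.org 2200
2023-02-20T10:25:01 10.0.0.5 c2-placeholder.invalid 525
"""


def parse_log(text: str) -> dict:
    """Group request timestamps by (client, destination host)."""
    series = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, _sent = line.split()
        series[(client, host)].append(datetime.fromisoformat(ts))
    return series


def beacon_candidates(series: dict, min_requests: int = 5, max_jitter: float = 0.1) -> list:
    """Return (client, host, mean_interval_seconds) for connection series whose
    inter-request gaps are nearly constant.

    A series qualifies when it has at least min_requests entries and the
    coefficient of variation of its gaps (stdev / mean) is below max_jitter.
    Both thresholds are tunable assumptions, not values from any report.
    """
    out = []
    for (client, host), times in series.items():
        if len(times) < min_requests:
            continue
        times = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_jitter:
            out.append((client, host, round(avg, 1)))
    return out


if __name__ == "__main__":
    for client, host, interval in beacon_candidates(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {client} -> {host} every ~{interval}s")
```

On the constructed log the five-minute check-ins to the placeholder host are flagged while ordinary browsing, which has too few requests to one host and irregular timing, is not. In practice the output is a triage lead to be enriched with destination reputation and process telemetry, not a verdict on its own.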
Concluding Thoughts
Cybersecurity has become crucial to your online existence. Viruses, trojans, and cyber threats will come your way every day. It is your responsibility to be vigilant and to exercise prudence while online.
Stealc can be avoided by using software from authentic sources and avoiding pirated files. Stay safe!