New Stealc malware emerges with a wide set of stealing capabilities



A new information stealer advertised as “Stealc” has been discovered by Sekoia researchers.

Security researchers at the cyber threat intelligence company Sekoia spotted the new strain in January 2023 and noticed that it started to gain traction in early February.

New Stealc malware

Stealc has been advertised on hacking forums by a user called "Plymouth," who presents it as a stealer with extensive data-stealing capabilities and an easy-to-use administration panel.

“The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars and Redline stealers,” reads the technical write-up. “This information suggests that this newcomer could be a serious competitor to the popular, widespread malware families mentioned above.”

According to the advertiser, in addition to the standard targeting of web browser data, browser extensions and cryptocurrency wallets, Stealc also has a customizable file downloader that the operator can configure to target whatever file types they want to steal.

The vendor has also created a Telegram channel dedicated to publishing the changelogs of new Stealc versions, the latest being version 1.3.0, released on February 11, 2023.

The malware is actively developed and a new version appears on the channel every week.

The researchers identified more than 40 Stealc C2 servers and several dozen samples, indicating that the new malware has already attracted the interest of the cybercriminal community.

This may be because several threat actors added the malware to their toolkit while it was still poorly monitored, the researchers wrote. Sekoia added that, at the time of writing, Stealc is particularly popular among Russian-speaking cybercriminals.

IoCs

IP addresses:

185.143.223[.]136
94.131.99[.]185
65.109.131[.]183
45.87.153[.]50
179.43.162[.]94
194.87.31[.]146
94.142.138[.]11
23.88.116[.]117
95.217.143[.]99
185.242.87[.]149
194.4.51[.]160
5.75.138[.]201
185.130.46[.]214
167.235.62[.]105
185.247.184[.]7
179.43.162[.]89
91.228.225[.]46
179.43.162[.]2
77.246.156[.]93
84.246.85[.]80
185.5.248[.]95
146.70.161[.]51
85.239.54[.]29
91.215.85[.]188
77.91.124[.]7
37.120.238[.]190
37.220.87[.]65
45.136.49[.]247
45.136.50[.]69
45.136.51[.]61
45.144.29[.]176
65.109.3[.]34
94.142.138[.]48
95.216.112[.]83
195.74.86[.]37
162.0.238[.]10

Domains:

666palm[.]com
777palm[.]com
aa-cj[.]com
fff-ttt[.]com
moneylandry[.]com
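A defanged list like the one above is only useful once it is refanged and run against your own telemetry. The script below is an added example written for this page; it is not part of the original article or of Sekoia's tooling. It refangs the indicators above and matches them against a few constructed DNS and proxy log lines (the log format, the client addresses and hosts such as cdn.666palm.com and moneylandry.com.evil-lookalike.net are invented for the demo). Domains match exactly or as a parent of the observed host, and IPs match only as whole dotted quads, so a look-alike domain or a longer digit string does not produce a false hit the way a plain substring search would.

```python
import ipaddress
import re

# Sekoia's published Stealc indicators, copied defanged from the list above.
STEALC_IOCS_DEFANGED = """
185.143.223[.]136 94.131.99[.]185 65.109.131[.]183 45.87.153[.]50
179.43.162[.]94 194.87.31[.]146 94.142.138[.]11 23.88.116[.]117
95.217.143[.]99 185.242.87[.]149 194.4.51[.]160 5.75.138[.]201
185.130.46[.]214 167.235.62[.]105 185.247.184[.]7 179.43.162[.]89
91.228.225[.]46 179.43.162[.]2 77.246.156[.]93 84.246.85[.]80
185.5.248[.]95 146.70.161[.]51 85.239.54[.]29 91.215.85[.]188
77.91.124[.]7 37.120.238[.]190 37.220.87[.]65 45.136.49[.]247
45.136.50[.]69 45.136.51[.]61 45.144.29[.]176 65.109.3[.]34
94.142.138[.]48 95.216.112[.]83 195.74.86[.]37 162.0.238[.]10
666palm[.]com 777palm[.]com aa-cj[.]com fff-ttt[.]com moneylandry[.]com
"""

# Whole dotted quads only: "185.143.223.1360" or "1185.143.223.136" must not match.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hostnames: one or more labels followed by an alphabetic TLD, so IPs are not re-matched here.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def refang(text: str) -> str:
    """Undo the common defanging conventions so indicators compare equal to real log data."""
    return (text.replace("[.]", ".").replace("(.)", ".")
                .replace("[:]", ":").replace("hxxp", "http"))


def load_iocs(defanged_text: str):
    """Split a defanged indicator blob into (set of IPs, set of lowercase domains)."""
    ips, domains = set(), set()
    for token in refang(defanged_text).split():
        try:
            ips.add(str(ipaddress.ip_address(token)))
        except ValueError:
            domains.add(token.lower().rstrip("."))
    return ips, domains


def scan_log_lines(lines, ips, domains):
    """Return (line_number, kind, indicator) for every IoC hit in the given lines.

    A domain hits when the observed host equals it or is a subdomain of it
    (cdn.666palm.com hits 666palm.com); a look-alike such as
    moneylandry.com.evil-lookalike.net does not, because its parent is
    evil-lookalike.net.
    """
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for ip in IP_RE.findall(line):
            if ip in ips:
                hits.append((lineno, "ip", ip))
        for host in HOST_RE.findall(line):
            host = host.lower().rstrip(".")
            for domain in domains:
                if host == domain or host.endswith("." + domain):
                    hits.append((lineno, "domain", domain))
                    break
    return hits


# Constructed sample log lines (invented format, clients and hosts) for the demo.
SAMPLE_LOGS = [
    "2023-02-20T10:01:02Z dns client=10.0.0.5 qname=www.example.com qtype=A",
    "2023-02-20T10:01:07Z dns client=10.0.0.5 qname=cdn.666palm.com qtype=A",
    "2023-02-20T10:01:08Z proxy client=10.0.0.5 dst=185.143.223.136:80 method=POST",
    "2023-02-20T10:02:00Z proxy client=10.0.0.9 dst=93.184.216.34:443 method=CONNECT",
    "2023-02-20T10:03:00Z dns client=10.0.0.7 qname=moneylandry.com.evil-lookalike.net qtype=A",
    "2023-02-20T10:04:00Z proxy client=10.0.0.7 dst=185.143.223.1360:80 method=GET",
]


def scan_sample():
    """Run the Stealc indicator set over the constructed sample logs."""
    ips, domains = load_iocs(STEALC_IOCS_DEFANGED)
    return scan_log_lines(SAMPLE_LOGS, ips, domains)


if __name__ == "__main__":
    for lineno, kind, indicator in scan_sample():
        print(f"line {lineno}: {kind} {indicator} -> {SAMPLE_LOGS[lineno - 1]}")
```

Only lines 2 and 3 of the sample produce hits; the look-alike domain on line 5 and the longer digit string on line 6 do not. Treat the result as a pivot rather than a verdict: the IPs in this list were observed in February 2023, infrastructure of this kind is rotated quickly, and an address can be reassigned to unrelated hosting customers, so an IP hit deserves confirmation from the sample or the network session itself.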

About the Author:

FirstHackersNews - Identifies Security
