Info Stealing
Stealc is data-stealing malware that targets web browsers, cryptocurrency wallets and applications. Released in early 2023, it has been actively promoted on Russian-speaking underground forums as Malware-as-a-Service (MaaS).
Stealc was first advertised by its author "Plymouth" on January 9, 2023. Stealc is built on top of other well-known stealers like Vidar, Raccoon, Mars and Redline and adds more features to its data-stealing capabilities.
Technical Details
Written in C and using WinAPI functions, Stealc steals data from web browsers, browser extensions, desktop cryptocurrency wallets and other applications like messengers and email clients. It downloads legitimate third-party DLLs to collect sensitive data and exfiltrates the data to its C2 server using HTTP POST requests.
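The network behavior described above (DLL downloads followed by HTTP POST exfiltration) can be hunted for in web proxy logs; the following is an added example, not code from this page or from any vendor. It assumes a constructed five-field log format, that the DLL downloads and the POSTs go to the same server (the page does not say where the DLLs come from), and illustrative thresholds; all names are hypothetical.

```python
from collections import defaultdict
from urllib.parse import urlsplit

WINDOW = 300    # seconds after the last DLL fetch in which POSTs count (assumed)
MIN_POSTS = 2   # POSTs to the same server needed for a finding (assumed)
# Constructed proxy log, assumed format: epoch client method url request_bytes
SAMPLE_LOG = """\
1700000000 10.0.0.5 GET http://198.51.100.7/files/one.dll 0
1700000004 10.0.0.5 GET http://198.51.100.7/files/TWO.DLL?v=1 0
1700000010 10.0.0.5 POST http://198.51.100.7/submit 48213
1700000015 10.0.0.5 POST http://198.51.100.7/submit 910332
1700000020 10.0.0.9 GET http://updates.example.test/setup/helper.dll 0
1700000030 10.0.0.9 POST http://forms.example.test/submit 512
1700000040 10.0.0.9 POST http://updates.example.test/telemetry 300
malformed line without enough fields
1700009000 10.0.0.5 POST http://198.51.100.7/submit 100
"""

def parse(line):
    """Return (ts, client, method, host, path, bytes), or None for unusable lines."""
    try:
        ts, client, method, raw_url, size = line.split()
        url = urlsplit(raw_url)
        if not url.hostname:
            return None
        return int(ts), client, method.upper(), url.hostname, url.path.lower(), int(size)
    except ValueError:  # wrong field count, non-numeric field, or unparsable URL
        return None

def find_dll_then_post(log_text, window=WINDOW, min_posts=MIN_POSTS):
    """Flag client/server pairs where DLL downloads are followed by HTTP POSTs."""
    dll_times = defaultdict(list)   # (client, server) -> DLL download times
    posts = defaultdict(list)       # (client, server) -> (time, request bytes)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, client, method, host, path, size = rec
        if method == "GET" and path.endswith(".dll"):
            dll_times[(client, host)].append(ts)
        elif method == "POST":
            posts[(client, host)].append((ts, size))
    findings = []
    for (client, host), times in dll_times.items():
        hits = [b for t, b in posts.get((client, host), []) if min(times) <= t <= max(times) + window]
        if len(hits) >= min_posts:
            findings.append({"client": client, "server": host, "dlls": len(times),
                             "posts": len(hits), "bytes_out": sum(hits)})
    return findings
```

Legitimate updaters also fetch DLLs and post telemetry, so treat a finding as a lead to correlate with endpoint telemetry, not as a verdict.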
Distribution and Impact
Stealc is sold as Malware-as-a-Service, so cybercriminals can customize and deploy it in different attack campaigns. Its advanced evasion techniques and flexibility make it a significant threat to organizations; infections can lead to financial loss, identity theft and reputational damage.
Use advanced behavioral detection to detect and block Stealc.
Store credentials securely.
Update and patch regularly.
Train employees to recognize and avoid phishing.