Stealc


Stealc is an information-stealing malware that harvests data from web browsers, cryptocurrency wallets and other applications. Released in early 2023, it has been actively promoted on Russian-speaking underground forums as Malware-as-a-Service (MaaS).

Key Insights

Stealc was first advertised by its author "Plymouth" on January 9, 2023. It is built on top of other well-known stealers such as Vidar, Raccoon, Mars and RedLine, and adds further features to their data-stealing capabilities.

Technical Details

Written in C and using WinAPI functions, Stealc steals data from web browsers, browser extensions, desktop cryptocurrency wallets and other applications like messengers and email clients. It downloads legitimate third-party DLLs to collect sensitive data and exfiltrates the data to its C2 server using HTTP POST requests.
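The sequence described above (the sample fetching legitimate third-party DLLs from its C2, then exfiltrating collected data over HTTP POST) gives defenders a behavioural pattern to look for in proxy or EDR network telemetry. The following is an added example, not code from the original page or from any vendor: it parses a constructed, simplified proxy-log format (timestamp, process, method, URL, request bytes; this format, the hostnames, the DLL names and the thresholds are all assumptions made for illustration) and raises an alert when one process downloads several DLLs from a host and shortly afterwards POSTs a large request body back to the same host.

```python
"""Heuristic detection for 'DLL staging followed by HTTP POST exfiltration'.

Added example for defenders. The log format below is constructed for this
illustration and does not correspond to any real proxy product; adapt the
parser to your own telemetry (proxy logs, EDR network events, Zeek http.log).
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample log: "<ISO timestamp> <process> <METHOD> <url> <request_bytes>".
# 203.0.113.0/24 is a documentation range; the DLL names are placeholders.
SAMPLE_LOG = """\
2024-01-01T10:00:01 explorer.exe GET http://example-cdn.test/update.json 0
2024-01-01T10:00:05 updater.exe GET http://203.0.113.10/helper1.dll 0
2024-01-01T10:00:06 updater.exe GET http://203.0.113.10/helper2.dll 0
2024-01-01T10:00:07 updater.exe GET http://203.0.113.10/helper3.dll 0
2024-01-01T10:00:20 updater.exe POST http://203.0.113.10/ 184320
2024-01-01T10:05:00 chrome.exe POST https://mail.example.test/upload 2048
2024-01-01T10:06:00 chrome.exe GET https://mail.example.test/helper.dll 0
"""


@dataclass
class Event:
    ts: datetime
    process: str
    method: str
    host: str
    path: str
    req_bytes: int


def parse_line(line: str) -> Event:
    """Parse one line of the constructed log format into an Event."""
    ts, process, method, url, req_bytes = line.split()
    parsed = urlparse(url)
    return Event(
        ts=datetime.fromisoformat(ts),
        process=process,
        method=method.upper(),
        host=parsed.netloc,
        path=parsed.path,
        req_bytes=int(req_bytes),
    )


def find_stager_then_exfil(
    lines,
    window: timedelta = timedelta(minutes=5),
    min_dlls: int = 2,
    min_post_bytes: int = 64 * 1024,
):
    """Return alerts for processes that fetch >= min_dlls DLLs from a host and
    then POST >= min_post_bytes to that same host within `window`.

    Lines are assumed to be in chronological order. Thresholds are assumptions
    chosen for this example; tune them against your own baseline traffic.
    """
    events = [parse_line(l) for l in lines if l.strip()]
    dll_fetches = defaultdict(list)  # (process, host) -> [timestamps of .dll GETs]
    alerts = []
    for ev in events:
        key = (ev.process, ev.host)
        if ev.method == "GET" and ev.path.lower().endswith(".dll"):
            dll_fetches[key].append(ev.ts)
        elif ev.method == "POST" and ev.req_bytes >= min_post_bytes:
            recent = [t for t in dll_fetches[key] if ev.ts - t <= window]
            if len(recent) >= min_dlls:
                alerts.append({
                    "process": ev.process,
                    "host": ev.host,
                    "dll_count": len(recent),
                    "post_bytes": ev.req_bytes,
                    "at": ev.ts.isoformat(),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_stager_then_exfil(SAMPLE_LOG.splitlines()):
        print("ALERT: DLL staging followed by large POST:", alert)
```

In the sample data only `updater.exe` trips the rule: it pulls three DLLs from `203.0.113.10` and POSTs about 180 KB back to the same host fifteen seconds later. The `chrome.exe` POST is small and precedes its single DLL fetch, so it is ignored. Correlating on the (process, host) pair is what keeps the rule from firing on ordinary software updates that download DLLs without uploading anything afterwards.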

Distribution and Impact

Stealc is sold as Malware-as-a-Service, so cybercriminals can customize and deploy it in different attack campaigns. Its evasion techniques and flexibility make it a significant threat to organizations, and a successful infection can lead to financial loss, identity theft and reputational damage.

Known Variants

Stealc is influenced by earlier malware families such as Vidar and Raccoon and offers enhanced stealing capabilities. It has been observed in multiple forms, both standalone and packed, and is used across different malicious campaigns.

Mitigation Strategies

  • Use advanced behavioral detection to detect and block the malware.

  • Store credentials securely.

  • Update and patch regularly.

  • Train employees to recognize and avoid phishing.

Targeted Industries or Sectors

Industries that handle sensitive data like finance, healthcare, government and e-commerce platforms are targeted by Stealc because of the data they process.

Associated Threat Actors

Stealc is advertised and sold on Russian-speaking underground forums, so it is associated with cybercriminals from these communities.
