Description:
Researchers at SEKOIA.IO have published an article detailing their discovery of a new information-stealing malware, advertised as Stealc by its developer. The researchers first saw the malware being advertised on dark web forums in January 2023 and have now identified over 40 servers deploying the malware and gathering information stolen by it. The researchers have noted that the high number of servers is “certainly an indication that this new infostealer became widespread and popular among cybercriminals distributing stealers”.
An analysis of the infostealer showed that Stealc is set to target sensitive data found in web browsers, browser extensions, and desktop cryptocurrency wallets by default. However, threat actors can customise the malware to target data according to the customer’s needs. The malware goes so far as to have an administrator’s panel, meaning that hackers deploying it would not need to be specially skilled in hacking to steal a victim’s data successfully.
Stealc is sold through the Malware-as-a-Service market on the dark web, a market where hackers pay a small fee to a developer to use a program for a short period of time, similar to how most software is now paid for with a monthly fee. By allowing hackers to effectively rent the malware, the developers can constantly update and improve the platform to make it more efficient and less likely to be detected by antiviruses and firewalls. Like a typical business, the Stealc developers were seen to be putting customer experience and quality assurance at the forefront of their online activities: SEKOIA.IO researchers saw the developers offer free weekly tests with the intention of getting feedback and positive reviews of their product.
The malware is capable of targeting data on several popular web browsers, including Google Chrome, Microsoft Edge, and Mozilla Firefox. The researchers mainly observed the malware being distributed through sites pirating software, which were promoted through YouTube videos. However, as the malware gains more notoriety and starts being used by more threat actors, it may be spread using other methods, such as phishing attacks. Information-stealing malware can pose a significant threat to any business, as it could lead to employee credentials and sensitive customer data being leaked and sold online.
Malware can pose a significant risk to individual devices, business networks, and services. Some types of malware are designed to look for and infect other devices connected to the same network as the host device. These may include not only laptops and PCs, but also servers and internet-of-things devices. An infected device brought into a work environment can pose a significant security risk and could allow malicious users into your network.
To protect your organisation against malware: