UPDATED 18:52 EDT / FEBRUARY 21 2023


New ‘Stealc’ information-stealing malware grows in popularity on dark web

Cybersecurity researchers today detailed recently discovered information-stealing malware that is rapidly growing in popularity on dark web marketplaces.

Dubbed “Stealc” by researchers at Sekoia ApS, the malware was first spotted being offered for sale in January on a forum by a user going by the name of “Plymouth.” Stealc was advertised as a fully featured and ready-to-use stealer, whose development relied on previous stealer malware such as Vidar, Raccoon, Mars and Redline.

In early February, while tracking information stealers, the same researchers discovered a new malware family that was directly related to Stealc, with dozens of Stealc samples already distributed in the wild.

Stealc targets sensitive data from web browsers, extensions for cryptocurrency wallets, desktop cryptocurrency wallets and information from additional applications, including email clients and messenger software. The data collection configuration can be customized to tailor the malware to the customer’s needs.

The malware implements a customizable file grabber, allowing customers to steal files matching their grabber rules. The stealer was also found to have loader capabilities that are typical for an information stealer sold as malware-as-a-service, or MaaS.

Although Stealc is currently being sold on a MaaS basis, the researchers warn that because customers own a build of its administration panel to host the stealer command-and-control center, the build will likely leak to underground communities in the medium term. Eventually, a cracked version of a Stealc build may be released, which could be used for many years to come.

With the likelihood of further distribution and its growing popularity, the Sekoia researchers “expect that the Stealc infostealer will become widespread in the near term, as multiple threat actors add the malware to their arsenal while it is poorly monitored.” Companies facing targeted stealer attacks are warned to be aware of this malware.

“As advanced tools and attack-as-a-service offerings become easily accessible on the dark web, even relatively unsophisticated attackers are enabled to execute extremely sophisticated and lucrative attacks,” Dror Liwer, co-founder of Coro Cyber Security Ltd., told SiliconANGLE. “What this translates to is more attacks on a wider population, with the economics working even when the attacked is a mid-market or small business.”

Roger Grimes, data-driven defense evangelist at security awareness training company KnowBe4 Inc., said one interesting addition in this malware is its specific targeting of password managers.

“It specifically targets at least 13 browser extensions installed by password managers and other authenticators,” Grimes explained. “I’m not sure if StealC is the first malware program to do this much targeting of password managers — probably not — but it obviously tells us that hackers are increasingly targeting password manager users. This is a trend we all need to pay attention to.”
