Aug 10, 2023THNMalware / Cyber Threat
A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information.
"Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week.
"It can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences. Additionally, it targets cryptocurrency wallets, credentials, passwords, and even data from messaging apps like Telegram."
Written in C++, the malicious stealer finds its way into victim systems when potential victims are tricked into clicking on seemingly innocuous ads, with the stealer imitating an MP4 video file format on web browsers like Google Chrome.
The first-stage payload, while dropping and executing a decoy PDF installer, also stealthily deploys a downloader binary that proceeds to retrieve the stealer malware from a remote server via a PowerShell script.
The stealer features sophisticated checks to inhibit sandbox detection and reverse engineering analysis, and establishes connections with a command-and-control (C&C) server to exfiltrate the harvested data using HTTPS.
One of the anti-analysis includes a comparison of the file names to inspect for any discrepancies and halt its execution, if found. Targeted web browsers include Google Chrome, Microsoft Edge, Mozilla Firefox, Brave, Opera, and Yandex Browser.
"The significance of Statc Stealer's exfiltration technique lies in its potential to steal sensitive browser data and send it securely to its C&C server," the researchers said. "This allows the malware to harvest valuable information, such as login credentials and personal details, for malicious purposes like identity theft and financial fraud."
The findings come as eSentire published an analysis of an updated version of Raccoon Stealer, which had its version 2.1 released earlier this February.
The authors of Raccoon Stealer temporarily halted work on the malware last year following the arrest of Mark Sokolovsky in March 2022, who was exposed as one of the leading developers after he made the fatal mistake of linking a Gmail account he used to sign up for a cybercrime forum under the alias Photix to an Apple iCloud account, thus revealing his real-world identity.
"The updated version includes features such as Signal Messenger data collection, cleaning from Defender detection (likely changing the code, obfuscation to avoid detections), and auto brute-forcing for crypto wallets," eSentire noted last week.
from The Hacker News https://bit.ly/3YrKbFh