This new malware has emerged from the dark web and is after your data


Experts have warned that a new information-stealing malware has been observed circulating around the dark web as it looks to gather new customers and victims alike.

Cybersecurity researchers from SEKOIA came across multiple ads on different underground forums and Telegram groups promoting a new infostealer called Stealc.

Apparently, Stealc is not built from scratch but is rather an upgrade to other, more popular infostealers, such as Vidar, Raccoon, Mars, and Redline Stealer. It was first spotted in January 2023 and gained more traction the following month.

Weekly updates

Stealc was built, and is being advertised, by a threat actor going by the name “Plymouth”. It is currently at version 1.3.0, and it seems to be getting new tweaks and upgrades at least once a week. 

Some of the newly added features include a C2 URL randomizer and an improved log searching and sorting system. Stealc was also seen sparing people from Ukraine.

After further analyzing a sample of the infostealer, SEKOIA uncovered that it uses legitimate third-party DLLs, that it's written in C and abuses Windows API functions, that it's lightweight (only 80KB), that it obfuscates most of its strings with RC4 and base64, and that it exfiltrates stolen files automatically (requiring no action from the threat actor).
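For analysts triaging a suspected sample, the RC4-plus-base64 string obfuscation mentioned above can be undone once a candidate key has been found in the binary. The following is an added example, not code from SEKOIA or from the original article: it assumes base64 is the outer layer and RC4 the inner one (the article does not state the order), and the key and strings are constructed for the demonstration.

```python
import base64
import binascii
import string


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


PRINTABLE = set(string.printable.encode())


def recover_strings(candidates, key: bytes, min_len: int = 4):
    """Return {blob: plaintext} for candidates that decode to printable ASCII."""
    recovered = {}
    for blob in candidates:
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, so an ordinary string: skip it
        plain = rc4(key, raw)
        if len(plain) >= min_len and all(b in PRINTABLE for b in plain):
            recovered[blob] = plain.decode("ascii")
    return recovered


def _obfuscate(text: str, key: bytes) -> str:
    """Build constructed test input: RC4-encrypt, then base64-encode."""
    return base64.b64encode(rc4(key, text.encode())).decode()


# Constructed sample data: key and strings are made up, not from a real sample.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_STRINGS = [_obfuscate("kernel32.dll", SAMPLE_KEY),
                  _obfuscate("GetProcAddress", SAMPLE_KEY),
                  "This program cannot be run in DOS mode.",  # plain, not base64
                  "Software\\Microsoft"]                       # plain, not base64

if __name__ == "__main__":
    for blob, text in recover_strings(SAMPLE_STRINGS, SAMPLE_KEY).items():
        print(f"{blob} -> {text}")
```

In practice the candidate list would come from a strings dump of the sample, and the printable-ASCII filter is what separates real hits from base64-looking noise.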

SEKOIA has also found Stealc to be able to steal data from 22 web browsers, 75 plugins, and 25 desktop wallets. 

Besides advertising it on the dark web, Plymouth was also busy deploying it to target endpoints. One of the ways they do it is by creating fake YouTube tutorials on how to crack software, and providing a link in the description which, instead of the advertised crack, deploys the infostealer.

So far, more than 40 C2 servers have been discovered, leading the researchers to conclude Stealc is growing quite popular. The popularity, they speculate, comes from the fact that crooks who can access the admin panel can easily generate new stealer samples, thus increasing its range.

SEKOIA believes Stealc can become quite popular, as it can be adopted by low-level hackers as well.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/0Bqe7iH
via IFTTT
