Carder.life

Carder.life (http://txgate.io:443/index.php) › Carding News (http://txgate.io:443/forumdisplay.php?f=38) › StealC malware enhanced with stealth upgrades and data theft tools (http://txgate.io:443/showthread.php?t=51296631)

WWW 05-26-2025 12:08 PM

<div id="post_message_789649">

The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements.<br/>
<br/>
The latest version of StealC was actually made available to cybercriminals in March 2025, but <a href="https://www.zscaler.com/blogs/security-research/i-stealc-you-tracking-rapid-changes-stealc" target="_blank">Zscaler researchers</a> who analyzed it just published a detailed write-up.<br/>
<br/>
In the weeks that followed its release, several minor bug fixes and point releases added new features, with the latest being version 2.2.4.<br/>
<br/>
StealC is a lightweight info-stealer malware that gained traction on the dark web in early 2023, selling access for <a href="https://www.bleepingcomputer.com/news/security/the-new-info-stealing-malware-operations-to-watch-out-for/" target="_blank">$200/month</a>.<br/>
<br/>
In 2024, it was spotted in large-scale <a href="https://www.bleepingcomputer.com/news/security/global-infostealer-malware-operation-targets-crypto-users-gamers/" target="_blank">malvertising campaigns</a> and attacks locking systems into <a href="https://www.bleepingcomputer.com/news/security/malware-locks-browser-in-kiosk-mode-to-steal-google-credentials/" target="_blank">inescapable kiosk modes</a>.<br/>
<br/>
In late 2024, it was confirmed that StealC development remained very active, with its developers <a href="https://www.bleepingcomputer.com/news/security/infostealer-malware-bypasses-chromes-new-cookie-theft-defenses/" target="_blank">adding a bypassing mechanism</a> for Chrome's 'App-Bound Encryption' cookie-theft defenses, allowing the "regeneration" of expired cookies for hijacking Google accounts.<br/>
<br/>
<b><font size="4">New in latest version</font></b><br/>
<br/>
Version 2 (and later) was announced in March 2025. According to Zscaler's analysis, it brings the following major improvements:
<ul>
<li>Payload delivery enhancements with support for EXE files, MSI packages, and PowerShell scripts, and configurable payload triggering.</li>
<li>RC4 encryption was added for code strings and command-and-control (C2) communications, with random parameters in C2 responses for better evasion.</li>
<li>Architecture and execution improvements with new payloads compiled for 64-bit systems, resolving API functions dynamically at runtime, and introducing a self-deletion routine.</li>
<li>New embedded builder that allows operators to generate new StealC builds using templates and custom data theft rules.</li>
<li>Added Telegram bot support for real-time alerts to operators.</li>
<li>Added capability to screenshot the victim's desktop with multi-monitor support.</li>
</ul>
<img alt="StealC v2 new admin panel" border="0" class="bbCodeImage" src="https://www.bleepstatic.com/images/news/u/1220909/2025/May/panel.jpg"/><br/>
<div style="margin:20px; margin-top:5px; ">
<i>StealC v2 new admin panel</i>
</div>However, apart from the feature additions, there have also been some notable removals, like the anti-VM checks and DLL downloading/execution.<br/>
<br/>
These might indicate an effort to make the malware leaner, but they may also be collateral damage from major code rework and could be re-introduced in better form in future versions.<br/>
<br/>
<img alt="StealC's C2 communication flow" border="0" class="bbCodeImage" src="https://www.bleepstatic.com/images/news/u/1220909/2025/May/communications.jpg"/><br/>
<div style="margin:20px; margin-top:5px; ">
<i>StealC's C2 communication flow</i>
</div>In the most recent attacks seen by Zscaler, StealC was deployed by Amadey, a separate malware loader, though different operators could differentiate the delivery methods or attack chains.<br/>
<br/>
To protect your data from info-stealer malware, avoid storing sensitive information on your browser for convenience, use multi-factor authentication to protect your accounts, and never download pirated or other software from obscure sources.<br/>
<br/>
<a href="https://www.bleepingcomputer.com/news/security/stealc-malware-enhanced-with-stealth-upgrades-and-data-theft-tools/" target="_blank">@ BleepingComputer </a>
</div>
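The post above notes that StealC v2 now protects its code strings and C2 traffic with RC4. For an analyst, that mostly means one more routine in the toolbox: once the key has been recovered from a sample, RC4 is symmetric and the same function decrypts the embedded strings. The block below is an added example written for this thread, not StealC code and not Zscaler's tooling; the key, the plaintext strings and the encrypted blobs are constructed here so the script runs offline, and nothing in it reflects how StealC actually stores its key or lays out its string table.

```python
# Added example (constructed): RC4 string recovery of the kind used when
# triaging a sample whose strings and C2 messages are RC4-protected.
# Key, strings and blobs are made up here; a real key comes from reversing.


def rc4_keystream(key: bytes):
    """Yield the RC4 keystream for `key`: key-scheduling (KSA) then PRGA."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute S with the key
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:                               # PRGA: one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def recover_strings(key: bytes, blobs, encoding: str = "utf-8"):
    """Decrypt each blob with `key`.

    Returns a list of (index, text); text is None when the result is not a
    printable string, which is the usual sign of a wrong key or wrong offset.
    """
    out = []
    for idx, blob in enumerate(blobs):
        plain = rc4_crypt(key, blob)
        try:
            text = plain.decode(encoding)
        except UnicodeDecodeError:
            out.append((idx, None))
            continue
        out.append((idx, text if text.isprintable() else None))
    return out


# --- constructed sample data (not from any real StealC build) ---------------
SAMPLE_KEY = b"constructed-key-not-from-a-sample"
SAMPLE_PLAIN = [
    "https://c2.example.invalid/gate",          # hypothetical C2 URL
    "\\Google\\Chrome\\User Data\\Login Data",  # typical stealer target path
    "CreateFileW",                              # API name resolved at runtime
]
# Build the "encrypted string table" from the plaintexts; in a real case these
# bytes would be carved out of the binary or a captured C2 response instead.
SAMPLE_BLOBS = [rc4_crypt(SAMPLE_KEY, p.encode()) for p in SAMPLE_PLAIN]


if __name__ == "__main__":
    for idx, text in recover_strings(SAMPLE_KEY, SAMPLE_BLOBS):
        print(f"[{idx}] {text!r}")
    # A wrong key yields garbage rather than an error, so check printability.
    print(recover_strings(b"wrong-key", SAMPLE_BLOBS))
```

Two practical points the code bakes in: the decrypt step never raises on a wrong key (RC4 has no integrity check), so printability is the only cheap signal that the key and offset are right; and because StealC is reported to add random parameters to C2 responses, an analyst decrypting captured traffic should expect the decoded message to contain filler alongside the fields of interest rather than assume a fixed layout.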

