Go Back   Carder.life > [en] International Forum > Carding News
Reload this Page StealC malware enhanced with stealth upgrades and data theft tools

CARDER.MARKET - CARDING FORUM FOR PROFESSIONAL CARDERS


Reply
 
Thread Tools Display Modes
  #1  
Old 05-26-2025, 12:08 PM
WWW's Avatar

WWW WWW is offline
Junior Member
Join Date: Mar 2024
Posts: 14
Default


The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements.



The latest version of StealC was actually made available to cybercriminals in March 2025, but Zscaler researchers who analyzed it just published a detailed write-up.



In the weeks that followed its release, several minor bug fixes and point releases added new features, with the latest being version 2.2.4.



StealC is a lightweight info-stealer malware that gained traction on the dark web in early 2023, selling access for $200/month.



In 2024, it was spotted in large-scale malvertising campaigns and attacks locking systems into inescapable kiosk modes.



In late 2024, it was confirmed that StealC development remained very active, with its developers adding a bypassing mechanism for Chrome's 'App-Bound Encryption' cookie-theft defenses, allowing the "regeneration" of expired cookies for hijacking Google accounts.



New in latest version



Version 2 (and later) was announced in March 2025. According to Zscaler's analysis, it brings the following major improvements:
  • Payload delivery enhancements with support for EXE files, MSI packages, and PowerShell scripts, and configurable payload triggering.

  • RC4 encryption was added for code strings and command-and-control (C2) communications, with random parameters in C2 responses for better evasion.

  • Architecture and execution improvements with new payloads compiled for 64-bit systems, resolving API functions dynamically at runtime, and introducing a self-deletion routine.

  • New embedded builder that allows operators to generate new StealC builds using templates and custom data theft rules.

  • Added Telegram bot support for real-time alerts to operators.

  • Added capability to screenshot the victim's desktop with multi-monitor support.











StealC v2 new admin panel

However, apart from the feature additions, there have also been some notable removals, like the anti-VM checks and DLL downloading/execution.



These might indicate an effort to make the malware leaner, but they may also be collateral damage from major code rework and could be re-introduced in better form in future versions.













StealC's C2 communication flow

In the most recent attacks seen by Zscaler, StealC was deployed by Amadey, a separate malware loader, though different operators could differentiate the delivery methods or attack chains.



To protect your data from info-stealer malware, avoid storing sensitive information on your browser for convenience, use multi-factor authentication to protect your accounts, and never download pirated or other software from obscure sources.



@ BleepingComputer
Reply

Tags
NULL

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump




All times are GMT. The time now is 02:43 AM.

Contact Us - Carder.life - Archive - Top