New Malware Attacking Windows Devices Detected

by nativetechdoctor

A new line of malware called Statc Stealer has been found infecting Windows devices to steal personal and payment information.

According to The Hacker News, Zscaler ThreatLabz researchers say the Statc Stealer exhibits a wide range of theft capabilities, making it a significant threat. The program can steal various sensitive information from many web browsers, including login data, cookies, browsing data, and customizations. Additionally, the malware also targets crypto wallets, logins, passwords, and even data from messaging apps like Telegram.

Written in C++, the malware infiltrates the system when the victim is tricked into clicking on seemingly innocuous ads; the malicious program is disguised as an MP4 video file in the web browser.

In the first download stage, while dropping and executing the decrypted PDF installer, the malware also surreptitiously deploys a downloader binary that retrieves the stealer from a remote server via a PowerShell script.
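A defender-side check tied to the delivery chain described above, added here as an example and not code from the Zscaler report: it flags a download whose name claims to be an MP4 video but whose bytes carry a Windows PE header, and double-extension names such as `.mp4.exe`. The sample file contents are constructed.

```python
from pathlib import Path
from typing import Dict, List

# Signatures used to compare what a file claims to be with what it contains.
PE_MAGIC = b"MZ"  # DOS header at offset 0 of every Windows executable (EXE/DLL)
MEDIA_OR_DOC = {".mp4", ".mkv", ".avi", ".pdf", ".doc", ".docx", ".jpg", ".png"}
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".dll", ".bat", ".cmd", ".ps1", ".js", ".vbs"}


def looks_like_mp4(data: bytes) -> bool:
    """ISO BMFF (MP4) files begin with a box whose type field, bytes 4..8, is 'ftyp'."""
    return len(data) >= 8 and data[4:8] == b"ftyp"


def looks_like_pe(data: bytes) -> bool:
    """Any PE file starts with the 'MZ' DOS stub signature."""
    return data[:2] == PE_MAGIC


def assess(name: str, data: bytes) -> List[str]:
    """Return the findings for one file; an empty list means nothing suspicious."""
    findings = []
    suffixes = [s.lower() for s in Path(name).suffixes]
    claimed = suffixes[-1] if suffixes else ""
    if claimed == ".mp4" and not looks_like_mp4(data):
        findings.append("extension .mp4 but no ftyp box at offset 4")
    if looks_like_pe(data) and claimed not in EXECUTABLE:
        findings.append("PE header (MZ) under a non-executable extension")
    if claimed in EXECUTABLE and len(suffixes) >= 2 and suffixes[-2] in MEDIA_OR_DOC:
        findings.append("double extension hides an executable behind a media/document name")
    return findings


def scan(samples: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Assess every (name, content) pair and keep only the files with findings."""
    report = {}
    for name, data in samples.items():
        findings = assess(name, data)
        if findings:
            report[name] = findings
    return report


# Constructed sample contents: a genuine MP4 header and a minimal PE stub prefix.
REAL_MP4 = b"\x00\x00\x00\x18ftypisom" + b"\x00" * 8
PE_STUB = b"MZ\x90\x00" + b"\x00" * 60
SAMPLES = {
    "holiday.mp4": REAL_MP4,      # legitimate video: no findings
    "trailer.mp4": PE_STUB,       # executable posing as a video
    "trailer.mp4.exe": PE_STUB,   # Explorer shows this as "trailer.mp4" when extensions are hidden
    "invoice.pdf": PE_STUB,       # executable posing as a document
}

if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(name, "->", "; ".join(findings))
```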

The author of Statc Stealer built in sophisticated checks to evade sandboxing and reverse-engineering analysis, and the malware establishes connections to command-and-control (C&C) servers to exfiltrate the data it obtains over HTTPS.

One of the anti-analysis measures compares filenames to check for differences and halts execution if any are found. Targeted web browsers include Google Chrome, Microsoft Edge, Mozilla Firefox, Brave, Opera, and Yandex.

Researchers from Zscaler say the significance of the malware lies in its ability to steal sensitive browser data and send it securely to the C&C server. This allows the malware to collect valuable information, such as logins and personal information, for purposes such as identity theft and financial fraud.

This finding comes as eSentire published its analysis of the updated version of the Raccoon Stealer, version 2.1, which was released earlier this February. The malware’s authors temporarily stopped developing it last year after Mark Sokolovsky’s arrest in March 2022. This person was one of the leading developers of the Raccoon Stealer malware, but was exposed after linking a Gmail account registered on a cybercrime forum under the alias Photix to his Apple iCloud account, thus revealing his identity.
