A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information.
“Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat,” Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week.
Written in C++, the malicious stealer finds its way into victim systems when potential victims are tricked into clicking on seemingly innocuous ads, with the stealer imitating an MP4 video file format on web browsers like Google Chrome.
The first-stage payload, while dropping and executing a decoy PDF installer, also stealthily deploys a downloader binary that proceeds to retrieve the stealer malware from a remote server via a PowerShell script.
The stealer features sophisticated checks to inhibit sandbox detection and reverse engineering analysis, and establishes connections with a command-and-control (C&C) server to exfiltrate the harvested data using HTTPS.
The findings come as eSentire published an analysis of an updated version of Raccoon Stealer, which had its version 2.1 released earlier this February.
The authors of Raccoon Stealer temporarily halted work on the malware last year following the arrest of Mark Sokolovsky in March 2022, who was exposed as one of the leading developers after he made the fatal mistake of linking a Gmail account he used to sign up for a cybercrime forum under the alias Photix to an Apple iCloud account, thus revealing his real-world identity.
“The updated version includes features such as Signal Messenger data collection, cleaning from Defender detection (likely changing the code, obfuscation to avoid detections), and auto brute-forcing for crypto wallets,” eSentire noted last week.
Source: https://thehackernews.com/