Multiple NVIDIA Products Vulnerabilities
June 25, 2025Hacktivists Target U.S. Firms and Military After Iran Strikes
June 25, 2025Multiple NVIDIA Products Vulnerabilities
June 25, 2025Hacktivists Target U.S. Firms and Military After Iran Strikes
June 25, 2025Severity
High
Analysis Summary
Stealc is a new malware that was first marketed by an actor named Plymouth on the XSS and BHF Russian-speaking underground forums on January 9, 2023. The malware is written in C and can steal data from web browsers, crypto wallets, email clients, and messaging apps. It is also equipped with a customizable file grabber that allows buyers to tailor the module to siphon files of interest. Stealc implements loader capabilities to deploy additional payloads.
According to researchers, Stealc quickly established itself as a reliable threat actor, and its malware gained the trust of cybercriminals dealing with information stealers. The malware is being distributed through various vectors, including YouTube videos posted from compromised accounts that link to a website peddling cracked software.
- Stealc stealer on XSS
"Since customers of the Stealc MaaS own a build of its administration panel to host the stealer C2 server and generate stealer samples themselves, it is likely that the build will leak into the underground communities in the medium term,"
SEKOIA predicts that the Stealc malware administration panel, which customers of the malware-as-a-service own, will likely leak into underground communities in the medium term. Antivirus vendor Avast lists Stealc as a new addition to the list of most prevalent stealer malware strains, which includes FormBook, Agent Tesla, RedLine, LokiBot, Raccoon, Snake Keylogger, and Arkei (along with its fork Vidar), during Q4 2022.
The discovery of Stealc highlights the ongoing threat posed by information-stealing malware and the importance of remaining vigilant against cyber threats. Individuals and organizations should take proactive steps like using strong passwords and two-factor authentication, regularly updating software and security tools, and being cautious when opening emails or downloading files from unknown sources. It is also important to use antivirus software and other security tools to detect and prevent malware infections.
Impact
- Data Exfiltration
- Credential Theft
- Information Theft
- Financial Loss
Indicators of Compromise
MD5
e5fa5fcb914df9007a608684aa498429
fd5a7f375813d39f1f0f8ac770c6547d
54a3d36716f4eb2f08e945b6e4f14e60
SHA-256
5a612f4d19e0af69b7f78a88c8b5c485e574a10d2831692d40db8575a3273faa
11800f41e27fea584c27a096f2fcbec1b8cb6491f56a5d02bc587a5db3b3e3d5
448dca1bc8d4808f9717fde8ae831d1c9afb5a1d6963b1d21b1a12db840c8726
SHA-1
98791c6bc667a5a3d7b0658ee981f411f793222c
17d7e065bc39c3a36ea85321ebd1db9b8fc6de93
3e0129c7917afb882fa31848c0dbff8437639380
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Check for any unauthorized transactions or activities on your financial accounts and report any suspicious activities to the respective authorities.
- Ensure that your operating system and all applications are up to date with the latest security patches and updates to prevent vulnerabilities that can be exploited by malware.
- Implement two-factor authentication for your online accounts to provide an additional layer of security.
- Avoid downloading and installing pirated software, as these sites are often a source of malware infections.
- Educate yourself and your employees on safe computing practices, such as being cautious when opening emails and downloading attachments, to prevent future infections.