Stealc Malware is a Customizable Infostealer

A new popular information stealing tool called Stealc has been identified on Russian-speaking dark web forums.

According to a report from Sekoia.io, Stealc is a fully functional tool that competes with other popular malware families like Raccoon, Vidar, Redline, and Mars. The malware targets sensitive data from popular web browsers such as Google Chrome, Vivaldi, and Mozilla Firefox, as well as popular desktop cryptocurrency wallets like Binance and Coinomi. In addition, Stealc targets web browser-based wallets, email clients, and messenger software.

Researchers warned that companies should be aware of the malware as it is expected to become more widespread in the near future, making it easier for multiple threat actors to add it to their arsenal. Stealc is a Malware-as-a-service tool that allows hackers without advanced technical skills to purchase ready-made kits from online marketplaces and easily launch cyberattacks. Researchers discovered several Stealc samples circulating in the wild in January and February, indicating that it has gained traction among cybercriminals.

The malware is typically spread through tricking unsuspecting individuals into downloading it. One example found by Sekoia.io involved hijacked YouTube sites promoting links to pirated software that led to a disguised installer for Stealc instead of the software.

Stealc is highly customizable and offered as a service, which means there is a lot of potential for expansion, new modules and capabilities and tweaks by each budding hacker who uses the platform.

What Are Infostealers and Why Are They a Major Threat to Security?

Infostealers are a type of malware that are designed to stealthily collect sensitive information from a victim's device, such as usernames, passwords, credit card numbers, and other personal data. They are often spread through phishing emails, malicious downloads, and other deceptive tactics.

Infostealers are a major threat to security because they can easily compromise an individual's privacy and security, and also pose a significant risk to organizations. They can be used to steal valuable data such as intellectual property, financial information, and customer data. This can result in serious financial losses, reputational damage, and legal liabilities for affected organizations.

Moreover, infostealers are highly adaptable and can evolve quickly to evade detection by security software. They can also be easily distributed through the dark web, making them accessible to a wide range of cybercriminals. As a result, infostealers remain a persistent and growing threat to security, and it is important for individuals and organizations to be vigilant in protecting themselves against this type of malware. This can include using robust antivirus software, implementing strong password policies, and educating employees on how to spot and avoid phishing attempts.