Statc Stealer Targets Windows Systems
A recently discovered information stealer named Statc Stealer has been observed infecting Microsoft Windows systems. The malware specializes in extracting sensitive personal and financial data.
In a technical report, Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar described the breadth of Statc Stealer's data-theft capabilities and classified it as a significant threat. The malware steals login credentials, cookies, web data, and user preferences from a range of web browsers. It also targets cryptocurrency wallets, account credentials and passwords, and data from messaging applications such as Telegram.
Statc Mode of Operation
Written in C++, the malware reaches victims through malvertising: the victim clicks on a seemingly harmless advertisement that, in a browser such as Google Chrome, presents itself as an MP4 video file. The initial payload drops a decoy PDF installer and at the same time silently launches a hidden downloader binary. That downloader retrieves the actual stealer from a remote server and executes it by way of a PowerShell script.
The stealer performs checks intended to evade sandbox detection and to frustrate reverse engineering, and it communicates with its command-and-control (C&C) server over HTTPS to transmit the stolen data.
Among its anti-analysis measures, the malware checks its own file name: if the binary has been renamed, as commonly happens when a sample is submitted to a sandbox or copied by an analyst, it stops executing. The targeted browsers include Google Chrome, Microsoft Edge, Mozilla Firefox, Brave, Opera, and Yandex Browser.
The researchers singled out Statc Stealer's exfiltration as notable: it collects sensitive browser data and sends it to its C&C server over an encrypted channel, giving the operators credentials and personal details that can be used for identity theft and financial fraud.
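To show why a file-name self-check defeats automated sandboxes, the following C program, added here as an illustration and not taken from the Zscaler report or from the malware itself, reproduces the logic: the binary compares the file name it was launched under with the name the dropper was expected to give it and refuses to run otherwise. The expected name `update.exe`, the sample paths and the hash-style sandbox name are all constructed for the example; the real stealer would obtain its own path with the Windows API rather than from `argv[0]`.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>

/* Return the file-name component of a path, accepting both Windows
 * and POSIX separators so the check behaves the same on either. */
static const char *path_basename(const char *path) {
    const char *base = path;
    for (const char *p = path; *p; p++) {
        if (*p == '\\' || *p == '/') base = p + 1;
    }
    return base;
}

/* Case-insensitive string equality: Windows file names are not case-sensitive. */
static bool ieq(const char *a, const char *b) {
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return false;
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* The self-check: continue only if the on-disk file name equals the name
 * the dropper was expected to give the binary. argv0 stands in for the
 * module path a Windows binary would read with GetModuleFileName. */
bool passes_name_check(const char *argv0, const char *expected_name) {
    return ieq(path_basename(argv0), expected_name);
}

int main(void) {
    /* Hypothetical expected name; the report does not publish the real one. */
    const char *expected = "update.exe";
    /* Constructed sample paths: two legitimate drops, one sandbox that renamed
     * the sample to its hash (a common sandbox convention), one POSIX path. */
    const char *paths[] = {
        "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe",
        "C:\\Users\\victim\\AppData\\Local\\Temp\\UPDATE.EXE",
        "C:\\sandbox\\3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b.exe",
        "/tmp/update.exe",
    };
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++) {
        printf("%s -> %s\n", paths[i],
               passes_name_check(paths[i], expected) ? "run" : "exit");
    }
    return 0;
}
```

The practical consequence for analysts is to preserve the file name the dropper wrote to disk (or to patch the comparison out) before detonating the sample; a sandbox that renames submissions to their hash will see the process exit immediately and report nothing.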
Separately, eSentire analysed an updated version of Raccoon Stealer, version 2.1, released in February of this year. The Raccoon Stealer developers had paused work on the malware after the arrest of Mark Sokolovsky in March 2022. Sokolovsky, identified as one of its principal developers, exposed his real identity by linking a Gmail account he had used to register on a cybercrime forum with an Apple iCloud account.