Stealc: A malware with infostealer capabilities targets web browsers

Stealc malware, also known as “credential stealing” malware, is a type of malicious software designed to steal sensitive information such as usernames, passwords, and credit card numbers. Since it might compromise a victim’s identity and financial security, it is a particularly risky type of malware.

Stealc is another fully featured info stealer sold as a MaaS (Malware-as-a-Service) which emerged on underground forums in early 2023. It gained traction due to aggressive promotion of its stealing capabilities and resemblances to related malware like Vidar, Raccoon, Mars, and Redline. The malware was advertised on hacking forums by a user who presented Stealc as a piece of malware with extensive data-stealing capabilities and an easy-to-use administration panel.

Stealc has targeted sensitive data from at least 23 web browsers such as Google Chrome, Vivaldi and Mozilla Firefox as well as popular desktop cryptocurrency wallets, like Binance and Coinomi. Stealc also goes after web browser-based wallets, email clients and messenger software.

In January 2023, the malware was primarily advertised as a competitor to Vidar and Raccoon stealers. Since then, more than 40 Stealc samples and 35 Command and Control (C2) servers have been discovered in the wild.

Stealc also features a file grabber that can be configured to target particular files, a loader that enables the attacker to infect the victim with malware, and the ability to customize data collection to a specific target. It contains a fully functional administrative panel to make the stealing actions easier.

Industries that handle sensitive information, such as finance, healthcare, and government, are often targeted by Stealc because of the potential for valuable data to be stolen. In addition, businesses that process large amounts of online transactions, such as e-commerce sites, may also be at risk.


SISA’s Latest
close slider