Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices.
The malware can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences. The malicious code also targets cryptocurrency wallets and can capture credentials, passwords, and even data from messaging apps like Telegram.
Statc Stealer is written in C++ and performs filename discrepancy checks to avoid execution in a sandbox and to hinder reverse-engineering analysis.
The infection chain starts when victims are tricked into clicking on an ad that looks like a legitimate Google advertisement.
Below is the attack chain described by the researchers:
The malware uses the HTTPS protocol to send the stolen, encrypted data to the C2 server.
Statc Stealer targets the most popular Windows browsers, including Chrome, Microsoft Edge, Brave, Opera, Yandex, and Mozilla Firefox.
Using ProcMon, the researchers observed that Statc Stealer can steal:
The malicious code can also exfiltrate autofill data.
“In conclusion, the emergence of the new info stealer, Statc Stealer, highlights the relentless evolution of malicious software in the digital realm,” concludes the report. “Cybercriminals and their expanding list of malware types are becoming more complex by the minute. The discovery of Statc Stealer demonstrates the importance of staying alert, ongoing research, and monitoring.”