
Statc Stealer, a new sophisticated info-stealing malware


Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information.

Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices.

The malware can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences. The malicious code also targets cryptocurrency wallets and can capture credentials, passwords, and even data from messaging apps like Telegram.

Statc Stealer is written in C++. It checks its own filename for discrepancies, a trick intended to avoid running inside a sandbox and to hinder reverse engineering.

The infection chain starts when victims are tricked into clicking on an ad that looks like a legitimate Google advertisement.

Below is the attack chain described by the researchers:

  1. A user is tricked into clicking on a malicious link somewhere on their Google Chrome browser (typically an advertisement).
  2. The user inadvertently downloads the Initial Sample file. 
  3. After the malicious file executes, the Initial Sample drops and executes a Decoy PDF Installer. 
  4. To facilitate the download of the Statc payload through a PowerShell script, the Initial Sample file also drops and executes a Downloader Binary file.
  5. Once Statc Stealer steals the user’s data, it encrypts the data, puts it in a text file, and stores it in the Temp folder.
  6. From here, Statc Stealer calls on its C&C server to deliver the stolen encrypted data.

The malware uses HTTPS to send the stolen, encrypted data to the C2 server.

The Statc Stealer targets most popular Windows browsers, including Chrome, Microsoft Edge, Brave, Opera, Yandex, and Mozilla Firefox.

Using ProcMon, the researchers observed that Statc Stealer can steal:

  • the user's cookies
  • web data
  • Local State
  • preferences
  • login data
  • data from various cryptocurrency wallets
  • FileZilla data
  • browser autofill data
  • AnyDesk data
  • ronin_edge
  • MetaMask
  • Telegram data

The malicious code can also exfiltrate autofill data.
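The file-access pattern above is also what a defender can hunt for: a process that is not a browser, FileZilla, AnyDesk or Telegram opening those credential stores, followed by a `.txt` write into `%TEMP%` (step 5 of the attack chain). The following script is an added example, not code from the Zscaler report or from this article. It replays a small set of constructed Process Monitor CSV events (the process name `statc.exe`, the PID, user name and file names are invented for the demonstration; the MetaMask extension ID is the real one) and reports, per PID, which artefact categories were touched and which temp files were staged.

```python
"""Hunt a Process Monitor CSV export for infostealer-style access to credential stores.

Added example, not from the Zscaler report or the article. Flags any process that is
not the owning application touching browser credential stores, wallet extension data,
FileZilla, AnyDesk or Telegram files, then checks whether the same PID staged a .txt
file in %TEMP%, the pattern described in the Statc Stealer attack chain.
"""
import csv
import io
import re
from collections import defaultdict

# Paths an infostealer reads, keyed by the artefacts the article says Statc Stealer targets.
SENSITIVE_PATTERNS = {
    "login_data":  re.compile(r"\\User Data\\[^\\]+\\Login Data$", re.I),
    "cookies":     re.compile(r"\\User Data\\[^\\]+\\(Network\\)?Cookies$", re.I),
    "web_data":    re.compile(r"\\User Data\\[^\\]+\\Web Data$", re.I),
    "local_state": re.compile(r"\\User Data\\Local State$", re.I),
    "preferences": re.compile(r"\\User Data\\[^\\]+\\(Secure )?Preferences$", re.I),
    "firefox":     re.compile(r"\\Profiles\\[^\\]+\\(logins\.json|cookies\.sqlite|key4\.db)$", re.I),
    # nkbihfbeogaeaoehlefnkodbefgpgknn is the MetaMask Chrome Web Store extension ID.
    "metamask":    re.compile(r"\\Local Extension Settings\\nkbihfbeogaeaoehlefnkodbefgpgknn\\", re.I),
    "filezilla":   re.compile(r"\\FileZilla\\(recentservers|sitemanager)\.xml$", re.I),
    "anydesk":     re.compile(r"\\AnyDesk\\[^\\]+\.conf$", re.I),
    "telegram":    re.compile(r"\\Telegram Desktop\\tdata\\", re.I),
}

# Processes that legitimately open those files; anything else is a candidate stealer.
OWNING_PROCESSES = {
    "chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "browser.exe",  # browser.exe is Yandex
    "firefox.exe", "filezilla.exe", "anydesk.exe", "telegram.exe",
}

FILE_OPS = {"CreateFile", "ReadFile", "QueryInformationFile"}
TEMP_STAGING = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.txt$", re.I)


def classify_path(path):
    """Return the artefact category a path belongs to, or None if it is not sensitive."""
    for name, pattern in SENSITIVE_PATTERNS.items():
        if pattern.search(path):
            return name
    return None


def hunt(procmon_csv):
    """Return one finding per suspicious PID: categories touched and any %TEMP% .txt it wrote."""
    touched = defaultdict(set)   # (process, pid) -> artefact categories opened or read
    staged = defaultdict(set)    # (process, pid) -> .txt files written into %TEMP%
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        proc, pid, op, path = row["Process Name"], row["PID"], row["Operation"], row["Path"]
        if proc.lower() in OWNING_PROCESSES:
            continue
        category = classify_path(path) if op in FILE_OPS else None
        if category:
            # Attempts count too: a NAME NOT FOUND on sitemanager.xml is still a probe.
            touched[(proc, pid)].add(category)
        elif op == "WriteFile" and TEMP_STAGING.search(path):
            staged[(proc, pid)].add(path)
    return [
        {
            "process": proc,
            "pid": pid,
            "categories": sorted(cats),
            "staged_files": sorted(staged.get((proc, pid), ())),
        }
        for (proc, pid), cats in touched.items()
    ]


# Constructed ProcMon-style export: the process name statc.exe, PID, user and file
# names are hypothetical and exist only to exercise the hunt logic.
SAMPLE_EVENTS = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","chrome.exe","4120","CreateFile","C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data","SUCCESS",""
"10:01:05.4","statc.exe","6688","CreateFile","C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State","SUCCESS",""
"10:01:05.5","statc.exe","6688","ReadFile","C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data","SUCCESS","Offset: 0, Length: 4,096"
"10:01:05.6","statc.exe","6688","ReadFile","C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies","SUCCESS",""
"10:01:06.0","statc.exe","6688","CreateFile","C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml","NAME NOT FOUND",""
"10:01:06.3","statc.exe","6688","CreateFile","C:\Users\alice\AppData\Roaming\Telegram Desktop\tdata\key_datas","SUCCESS",""
"10:01:07.0","statc.exe","6688","WriteFile","C:\Users\alice\AppData\Local\Temp\3f2a9c.txt","SUCCESS","Offset: 0, Length: 12,288"
"10:01:09.2","explorer.exe","1304","CreateFile","C:\Users\alice\Documents\report.pdf","SUCCESS",""
""".strip()


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(f"{finding['process']} (PID {finding['pid']}) touched {finding['categories']}; "
              f"staged {finding['staged_files']}")
```

Run it against a real export with `File > Save > CSV` from Process Monitor and feed the file contents to `hunt()`. The browser itself is allow-listed by process name only, so a stealer that injects into `chrome.exe` would slip past this check; pairing it with a parent-process or signature check from Sysmon closes that gap.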

“In conclusion, the emergence of the new info stealer, Statc Stealer, highlights the relentless evolution of malicious software in the digital realm,” concludes the report. “Cybercriminals and their expanding list of malware types are becoming more complex by the minute. The discovery of Statc Stealer demonstrates the importance of staying alert, ongoing research, and monitoring.”


Pierluigi Paganini

(SecurityAffairs – hacking, Statc Stealer)