Researchers from Zscaler ThreatLabz have identified a new information-stealing malware, dubbed Statc Stealer, that is actively targeting Windows users. Written in C++, it combines anti-analysis techniques with broad data-theft capabilities. It is distributed through malvertising: an ad that looks legitimate lures the user into downloading the dropper. Once running, Statc Stealer harvests browser data, login credentials and cryptocurrency wallet information, and it also inspects running processes to pull data from applications such as AnyDesk and Telegram. The stolen data is encrypted and written to text files in the Temp folder before being sent to a command-and-control (C&C) server. The threat is especially acute for users who keep personal data saved for browser autofill, because that data is exactly what an identity thief needs.
The ThreatLabz report gives an in-depth analysis of Statc Stealer's tactics, covering its distribution, evasion techniques and potential impact. The malware targets a range of browsers, cryptocurrency wallets and messaging apps such as Telegram. Its C++ code includes anti-analysis measures: it checks whether it is running in a sandbox and takes steps to hinder reverse engineering. Malvertising lures the victim into clicking a malicious link, which starts the malware download. Statc Stealer then extracts and encrypts data from browsers and wallets, using PowerShell along the way, and transmits it to the C&C server over HTTPS, so the exfiltration blends in with ordinary encrypted web traffic and network inspection alone will not reveal its contents.
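The behaviour described above (a dropped binary staging encrypted text files in the Temp folder, then pushing them to a C&C server over HTTPS) is a correlation a defender can hunt for in endpoint telemetry. The following is an added example, not code from Zscaler ThreatLabz or from the malware: it walks constructed Sysmon-style FileCreate and NetworkConnect records and flags a process that runs from the user's Temp directory, writes `.txt` files there, and then connects out on TCP/443. The event records, paths, PIDs and the 203.0.113.10 address are constructed for illustration and are not indicators from the report.

```python
"""
Added hunting example (not code from Zscaler ThreatLabz or from the malware).
Flags a process that executes from the user's Temp directory, writes .txt
files there, and then opens an outbound TCP/443 connection. All events,
paths, PIDs and IP addresses below are constructed for illustration; they
are not indicators taken from the ThreatLabz report.
"""
from collections import defaultdict

# Case-insensitive marker for the per-user Temp directory on Windows.
TEMP_MARKER = "\\appdata\\local\\temp\\"

# Constructed Sysmon-style events (FileCreate ~ Event ID 11,
# NetworkConnect ~ Event ID 3). "t" is a relative timestamp in seconds.
SAMPLE_EVENTS = [
    {"t": 1, "type": "FileCreate", "pid": 4120,
     "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "path": r"C:\Users\alice\AppData\Local\Temp\browsers.txt"},
    {"t": 2, "type": "FileCreate", "pid": 4120,
     "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "path": r"C:\Users\alice\AppData\Local\Temp\wallets.txt"},
    # Benign: the browser also writes under Temp and talks to 443, but it
    # executes from Program Files, so the "runs from Temp" filter excludes it.
    {"t": 3, "type": "FileCreate", "pid": 2200,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\alice\AppData\Local\Temp\scoped_dir\log.txt"},
    {"t": 4, "type": "NetworkConnect", "pid": 2200,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dst_ip": "198.51.100.7", "dst_port": 443},
    # The dropped binary connects out after staging its text files.
    {"t": 5, "type": "NetworkConnect", "pid": 4120,
     "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "dst_ip": "203.0.113.10", "dst_port": 443},
    # An installer running from Temp that writes a .log, not .txt: no finding.
    {"t": 6, "type": "FileCreate", "pid": 5100,
     "image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "path": r"C:\Users\alice\AppData\Local\Temp\install.log"},
    {"t": 7, "type": "NetworkConnect", "pid": 5100,
     "image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "dst_ip": "198.51.100.9", "dst_port": 443},
]


def _in_temp(path: str) -> bool:
    return TEMP_MARKER in path.lower()


def find_suspicious(events, window_seconds=300):
    """Return one finding per PID that ran from Temp, wrote .txt files to
    Temp, and then connected to TCP/443 within window_seconds of its first
    write. Events are processed in timestamp order."""
    pending = defaultdict(list)   # pid -> [(t, path), ...] of staged text files
    findings = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if not _in_temp(ev["image"]):
            continue              # only binaries executing from Temp are in scope
        pid = ev["pid"]
        if ev["type"] == "FileCreate":
            if _in_temp(ev["path"]) and ev["path"].lower().endswith(".txt"):
                pending[pid].append((ev["t"], ev["path"]))
        elif ev["type"] == "NetworkConnect" and ev.get("dst_port") == 443:
            staged = pending.get(pid)
            if staged and ev["t"] - staged[0][0] <= window_seconds:
                findings.append({
                    "pid": pid,
                    "image": ev["image"],
                    "files": [p for _, p in staged],
                    "dst_ip": ev["dst_ip"],
                    "dst_port": ev["dst_port"],
                })
                del pending[pid]  # report each staging burst once
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_EVENTS):
        print(f"pid {f['pid']} {f['image']} staged {len(f['files'])} file(s) "
              f"then connected to {f['dst_ip']}:{f['dst_port']}")
```

This is a triage heuristic, not a signature: legitimate installers also run from Temp and phone home, which is why the example requires the `.txt` staging step and a time window, and why a real deployment would pair it with the process's parent (a browser-launched download) and the destination's reputation before alerting.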
Focused on Windows systems, Statc Stealer steals login credentials, cookies, credit card data and cryptocurrency wallet information, and has dedicated routines for browser autofill data. The stolen data ends up on C&C servers operated by the attackers. For mitigation, Zscaler points to its Cloud IPS and its multi-layered cloud security platform for detection and analysis, and urges defenders to stay current on emerging threats. Statc Stealer's discovery is one more round in the ongoing contest between cybercriminals and security professionals, and a reminder that robust, proactive defenses are needed.