Stealc, the malware that puts passwords and cards at risk on Chrome and Firefox

Browsers collect an impressive amount of information while you browse online. That makes them coveted prey for cybercriminals.

Precisely for this reason, a great deal of malware is created specifically to steal the data of unsuspecting users. Among the various infostealers out there, however, few are as potentially dangerous as Stealc.

We are in fact talking about a malicious agent that exploits various advanced techniques, ranging from evasive behaviors to encryption and the use of polymorphic code.

Stealc was recently discovered by Aziz Farghly, a cybersecurity researcher. This malware, it seems, has been sold for some time under the MaaS (Malware-as-a-Service) model on some Russian hacker forums. According to the research, the infostealer in question mainly attacks the data stored in Google Chrome and Mozilla Firefox, showing a certain predilection for passwords and credit/debit cards.

Stealc uses several techniques to make itself effective and difficult to detect

The analysis shows that the malware is capable of exfiltrating data efficiently, sending it to a C2 server.

To be less conspicuous, Stealc does not compress the files but sends them directly to the attackers. This modus operandi, in contrast to other malicious agents, makes it much more stealthy. Once activated, the malware checks for Windows Defender and for the language of the operating system in use. In this way, the infostealer acts selectively, calling off the attack when the user comes from specific geographical areas.

At an operational level, Stealc proves to be very flexible. The information it can extract from infected browsers is:

  • Logins;
  • Credit cards;
  • Browser cookies and history;
  • Wallet extensions installed in browsers;
  • Discord tokens;
  • Telegram tokens;
  • Steam ssfn files and configuration data;
  • qTox configuration file;
  • Pidgin configuration file.
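
From a detection standpoint, the list above describes one process reading many credential stores that belong to other applications. The following is an added example, not code from the article or the researcher: it flags that pattern in file-access telemetry, and the store paths (common default locations), the threshold and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Store pattern -> (category from the article's list, processes expected to open it).
# Paths are common default locations (an assumption; tune for your environment).
STORES = [
    (r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$", "logins", {"chrome.exe"}),
    (r"\\Google\\Chrome\\User Data\\[^\\]+\\Web Data$", "cards", {"chrome.exe"}),
    (r"\\Google\\Chrome\\User Data\\[^\\]+\\(Network\\)?Cookies$", "cookies", {"chrome.exe"}),
    (r"\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", "logins", {"firefox.exe"}),
    (r"\\Firefox\\Profiles\\[^\\]+\\cookies\.sqlite$", "cookies", {"firefox.exe"}),
    (r"\\discord\\Local Storage\\leveldb\\", "discord", {"discord.exe"}),
    (r"\\Telegram Desktop\\tdata\\", "telegram", {"telegram.exe"}),
    (r"\\Steam\\ssfn[^\\]*$", "steam", {"steam.exe"}),
    (r"\\\.purple\\accounts\.xml$", "pidgin", {"pidgin.exe"}),
]
COMPILED = [(re.compile(p, re.IGNORECASE), c, o) for p, c, o in STORES]

# Constructed sample telemetry: (process image, file opened). Not real data.
SAMPLE_EVENTS = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (r"C:\Users\alice\AppData\Local\Temp\update_x.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (r"C:\Users\alice\AppData\Local\Temp\update_x.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Web Data"),
    (r"C:\Users\alice\AppData\Local\Temp\update_x.exe",
     r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd.default\cookies.sqlite"),
    (r"C:\Users\alice\AppData\Local\Temp\update_x.exe",
     r"C:\Users\alice\AppData\Roaming\discord\Local Storage\leveldb\000005.ldb"),
    (r"C:\Tools\backup.exe",
     r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd.default\key4.db"),
]

def sweeping_processes(events, min_categories=3):
    """Return {image: categories} for processes that opened stores they do
    not own across at least min_categories distinct categories."""
    touched = defaultdict(set)
    for image, path in events:
        proc = image.rsplit("\\", 1)[-1].lower()
        for pattern, category, owners in COMPILED:
            if pattern.search(path) and proc not in owners:
                touched[image].add(category)
    return {i: sorted(c) for i, c in touched.items() if len(c) >= min_categories}

if __name__ == "__main__":
    print(sweeping_processes(SAMPLE_EVENTS))
```

Legitimate tools such as backup or antivirus software also read these files, so the category threshold and an allowlist of known images are what keep the rule usable.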

Furthermore, the malicious agent is capable of capturing screenshots from the infected computer.

To avoid infection, the advice is to always stay alert. A good antivirus can certainly help, and it is advisable to keep both that tool and the operating system constantly updated.
