
Sekoia.io warns about Stealc, a new info stealer

Discovered in January 2023, this MaaS, inspired by Vidar, Raccoon, Redline and Mars, is quickly becoming very popular among Russian cybercriminals

Cyber risks - March 06, 2023

On February 20, 2023, the French cybersecurity software publisher, Sekoia.io, devoted a long blog post to Stealc, a new and increasingly popular info stealer. Analysts outline its spread, its MO and methods to counter it.

Stealc was first spotted in January 2023. Its developer, known only as Plymouth, sold it as MaaS (Malware-as-a-Service), presenting it as a ready-to-use info stealer that draws inspiration from Vidar, Raccoon, Redline and Mars, currently the most popular info stealers.

In early February 2023, Sekoia.io analysts identified a new type of malware, which they quickly connected to Stealc and Plymouth. An investigation uncovered dozens of Stealc samples and over 40 active C2 servers. The info stealer’s popularity grew very quickly, especially among Russian-speaking cybercriminals.

Every MaaS customer has their own admin panel to host the Stealc C2 server and to generate samples themselves. Sekoia.io surmises that Stealc is quickly cracked and distributed for free in cybercrime networks.

The report is therefore of the opinion that Plymouth is not economically viable in the long term, as opposed to similar projects like Vidar or Raccoon. However, this ease of access should enable the spread of Stealc and its persistence over time.

Sekoia.io thus recommends that this threat be taken very seriously, and that Stealc be added to the list of closely monitored malware.
