DarkCloud is a sophisticated stealer malware that emerged in 2022, quickly positioning itself as one of the most prevalent threats in its category. This Windows-targeting malware has evolved significantly to extract sensitive information including browser data, FTP credentials, screenshots, keystrokes, and financial information from infected systems.

Security researcher REXorVc0 identified DarkCloud’s extensive capabilities, noting that the malware employs a multi-stage infection process designed to evade detection. This technique allows DarkCloud to operate stealthily, evading most security solutions while harvesting sensitive data from browsers, password managers, and email clients, which is then exfiltrated through Telegram bots. The impact has been significant, with numerous organizations falling victim to its data theft capabilities, losing browser data, cryptocurrency wallets, and credentials to attackers operating through Telegram channels.

“The execution and distribution of this Stealer have been driven by phishing campaigns, where attackers impersonated various companies,” REXorVc0 explained in their technical analysis. The primary distribution method involves phishing campaigns in which attackers impersonate legitimate companies or disguise their attacks as payment receipts or fines. Additional vectors include malvertising, watering hole attacks, and deployment alongside other malware such as DbatLoader or ClipBanker.

DarkCloud’s infection chain begins when a victim accesses a malicious link or downloads an infected file. The initial payload, typically delivered as compressed files or scripts, kicks off a multi-stage process designed to bypass security controls.
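The article's defender-relevant point is the exfiltration channel: stolen data leaves the host through the Telegram Bot API. As an added example that is not part of the article or of REXorVc0's analysis, the following Python detector scans constructed web-proxy log lines for Bot API upload calls (`sendDocument`, `sendMessage`, `sendPhoto`) made by processes that have no business talking to Telegram; the log format, the process allow-list and the sample token values are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Telegram Bot API requests take the form https://api.telegram.org/bot<id>:<secret>/<method>.
# Data-upload methods from an unexpected process are the signal worth alerting on.
BOT_CALL = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]+)/(sendDocument|sendMessage|sendPhoto)$")

# Hypothetical allow-list: processes legitimately permitted to use the Bot API.
ALLOWED_PROCESSES = {"ops-alerting.exe"}


@dataclass
class Finding:
    timestamp: str
    process: str
    method: str
    bot_id: str  # numeric bot id only; the secret half of the token is never stored


def parse_line(line):
    # Assumed proxy log format: "<timestamp> <process> <http_method> <host> <path>"
    parts = line.split()
    return tuple(parts) if len(parts) == 5 else None


def detect_telegram_exfil(lines):
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, process, _http_method, host, path = rec
        if host.lower() != "api.telegram.org":
            continue
        m = BOT_CALL.match(path)
        if not m or process.lower() in ALLOWED_PROCESSES:
            continue
        bot_id, _secret, method = m.groups()
        findings.append(Finding(ts, process, method, bot_id))
    return findings


# Constructed sample log: one benign browse, one suspicious upload from a script host,
# one allowed bot call, and one non-upload Bot API call (getMe) that should not alert.
SAMPLE_LOG = [
    "2025-03-31T11:35:13Z chrome.exe GET www.example.com /index.html",
    "2025-03-31T11:36:02Z wscript.exe POST api.telegram.org /bot1234567890:AAEsampleSECRETtokenvalue/sendDocument",
    "2025-03-31T11:36:05Z ops-alerting.exe POST api.telegram.org /bot9876543210:AAEanotherSAMPLEtoken/sendMessage",
    "2025-03-31T11:37:41Z svchost.exe GET api.telegram.org /bot1234567890:AAEsampleSECRETtokenvalue/getMe",
]

if __name__ == "__main__":
    for f in detect_telegram_exfil(SAMPLE_LOG):
        print(f"{f.timestamp} {f.process} -> Telegram Bot API {f.method} (bot id {f.bot_id})")
```

Tuning the allow-list to the environment keeps the rule usable; where nothing should reach the Bot API, an empty allow-list makes every upload call a finding.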
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 31 Mar 2025 11:35:13 +0000