New DarkCloud Stealer Uses AutoIt to Evade Detection & Steal Login Credentials

A new variant of the DarkCloud information-stealing malware has emerged, leveraging the AutoIt scripting language to evade security tools and harvest credentials from infected systems. Dubbed DarkCloud Stealer v4, the malware has targeted financial institutions, healthcare organizations, and e-commerce platforms across Asia and Europe since its initial detection in March 2025. Attack vectors include phishing campaigns disguised as invoice alerts, malicious advertising redirects, and fake software updates for popular productivity tools such as Slack and Zoom.

According to researchers at Palo Alto Networks’ Unit 42 threat intelligence team, DarkCloud v4 abuses AutoIt’s scripting and compilation features to package its malicious script as a standalone executable. These executables mimic legitimate software processes, helping the malware evade heuristic analysis and sandboxing. The analysts noted that the malware further obfuscates its strings with Base64 encoding and XOR, and pads the script with “junk code” to confuse static analysis tools. Once running, the malware suspends a target process, replaces its memory with malicious code, and resumes execution, a technique (commonly called process hollowing) that leaves traces recoverable from forensic memory dumps.

Unit 42 reports that the impact has been severe: breaches linked to DarkCloud v4 have already compromised over 120,000 corporate and individual accounts, with the stolen credentials sold on darknet markets. Security experts warn that this novel combination of a legacy tool and layered obfuscation poses significant challenges for traditional, signature-based detection methods.

Security teams can hunt for compiled AutoIt scripts (.a3x files and AutoIt-built executables) and for anomalous script-host child processes spawned by trusted applications.
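The Base64-plus-XOR string obfuscation described above lends itself to a small triage helper. The following is an added example written for this page, not code from the article or from Unit 42’s analysis. It assumes each string was XOR-ed with a single-byte key and then Base64-encoded (the article does not state the key length or the layering order used by DarkCloud), and the sample blob is constructed for the example, not extracted from a real sample:

```python
import base64
import string

# Constructed sample: the text "Login Data" XOR-ed with the single-byte key
# 0x33 and then Base64-encoded. Built for this example, not taken from DarkCloud.
SAMPLE_BLOB = "f1xUWl0Td1JHUg=="

_ALNUM_SPACE = set((string.ascii_letters + string.digits + " ").encode())
_PRINTABLE = set(range(0x20, 0x7F))


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def score_plaintext(candidate: bytes) -> float:
    """Heuristic for 'looks like text': letters, digits and space score 1,
    other printable ASCII scores 0.5, any control byte disqualifies the key."""
    score = 0.0
    for b in candidate:
        if b in _ALNUM_SPACE:
            score += 1.0
        elif b in _PRINTABLE:
            score += 0.5
        else:
            return float("-inf")
    return score


def deobfuscate(blob: str):
    """Base64-decode, then brute-force all 256 single-byte XOR keys and keep
    the one whose output scores highest. Returns (key, text) or (None, None)
    when no key yields printable output."""
    raw = base64.b64decode(blob, validate=True)
    best_key, best_score, best_text = None, float("-inf"), None
    for key in range(256):
        candidate = xor_bytes(raw, key)
        s = score_plaintext(candidate)
        if s > best_score:
            best_key, best_score = key, s
            best_text = candidate.decode("ascii")
    return best_key, best_text


def obfuscate(text: str, key: int) -> str:
    """Inverse of deobfuscate (XOR, then Base64); used to build more samples."""
    return base64.b64encode(xor_bytes(text.encode("ascii"), key)).decode("ascii")


if __name__ == "__main__":
    key, text = deobfuscate(SAMPLE_BLOB)
    print(f"key=0x{key:02x} text={text!r}")
```

The scoring step matters: several keys turn a short blob into all-printable bytes, so a plain “is it printable” test is not enough; weighting letters, digits and spaces above punctuation picks the real string. A multi-byte XOR key would need per-position analysis (split the bytes by key index and brute-force each position), which this helper does not attempt.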
Endpoint detection tools should prioritize behavioral analysis, such as unexpected process injection or rapid credential-access attempts, since the obfuscation described above is aimed at defeating static inspection of the executable.
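The hunting guidance above (compiled AutoIt scripts, and script hosts spawned by trusted applications) can be expressed as a few rules run over process-creation telemetry. The following is an added example for this page, not code from the article or from Unit 42. The process events and file buffers are constructed for the example, the trusted-application and script-host lists are assumptions to be tuned per environment, and the “AU3!EA06” / “AU3!EA05” markers are the strings AutoIt v3 embeds in compiled scripts (the ones public YARA rules key on):

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Marker AutoIt v3 embeds in compiled scripts; EA05 covers older compiler versions.
AUTOIT_COMPILED_MARKERS = (b"AU3!EA06", b"AU3!EA05")

# Assumed watch lists for this example; adjust to the environment being monitored.
AUTOIT_INTERPRETERS = {"autoit3.exe", "autoit3_x64.exe"}
SCRIPT_HOSTS = AUTOIT_INTERPRETERS | {
    "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe", "mshta.exe",
}
TRUSTED_USER_APPS = {
    "outlook.exe", "winword.exe", "excel.exe", "chrome.exe", "msedge.exe",
    "slack.exe", "zoom.exe",
}


@dataclass
class ProcessEvent:
    """Minimal process-creation record (the Sysmon Event ID 1 fields used here)."""
    image: str
    parent_image: str
    command_line: str


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows (or forward-slash) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_process_event(ev: ProcessEvent) -> List[str]:
    """Return the names of every hunting rule one process-creation event trips."""
    findings = []
    child, parent = _basename(ev.image), _basename(ev.parent_image)
    if child in AUTOIT_INTERPRETERS:
        findings.append("autoit-interpreter-launched")
    if re.search(r"\.a3x\b", ev.command_line, re.IGNORECASE):
        findings.append("a3x-script-on-command-line")
    if parent in TRUSTED_USER_APPS and child in SCRIPT_HOSTS:
        findings.append(f"script-host-spawned-by-{parent}")
    return findings


def hunt(events: List[ProcessEvent]) -> List[Tuple[str, List[str]]]:
    """Run every event through the rules and keep only those with findings."""
    hits = []
    for ev in events:
        found = detect_process_event(ev)
        if found:
            hits.append((ev.image, found))
    return hits


def is_compiled_autoit(data: bytes) -> bool:
    """True when a file image carries the AutoIt compiled-script marker."""
    return any(marker in data for marker in AUTOIT_COMPILED_MARKERS)


# Constructed sample events (not real telemetry): an AutoIt launch from a mail
# client, a PowerShell child of a browser, and two benign process creations.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Users\alice\AppData\Local\Temp\AutoIt3.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
                 r'"C:\Users\alice\AppData\Local\Temp\AutoIt3.exe" "C:\Users\alice\AppData\Local\Temp\invoice.a3x"'),
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 r"powershell.exe -nop -w hidden -enc SQBFAFgA"),
    ProcessEvent(r"C:\Windows\System32\notepad.exe",
                 r"C:\Windows\explorer.exe",
                 r"notepad.exe C:\Users\alice\notes.txt"),
    ProcessEvent(r"C:\Windows\System32\svchost.exe",
                 r"C:\Windows\System32\services.exe",
                 r"C:\Windows\System32\svchost.exe -k netsvcs"),
]

# Constructed byte buffers standing in for scanned file images.
FAKE_AUTOIT_EXE = b"MZ\x90\x00" + b"\x00" * 16 + b"AU3!EA06" + b"\x00" * 8
FAKE_PLAIN_EXE = b"MZ\x90\x00" + b"\x00" * 32

if __name__ == "__main__":
    for image, found in hunt(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(found)}")
    print("compiled AutoIt marker present:", is_compiled_autoit(FAKE_AUTOIT_EXE))
```

Two caveats. AutoIt is also used by legitimate administrative tooling, so the interpreter rule is a hunting lead rather than an alert on its own; the parent-process rule is the higher-signal one. And the process-hollowing step described in the article (suspend, overwrite memory, resume) does not appear in process-creation events at all; catching it needs injection and memory-access telemetry (for example Sysmon Event ID 8 and 10, or the EDR’s own injection detections), which is why the behavioral coverage above should sit alongside these static rules rather than replace them.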

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 15 May 2025 14:19:53 +0000
