The creators of StealC, a widely used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements.

To protect your data from info-stealer malware, avoid storing sensitive information in your browser for convenience, use multi-factor authentication to protect your accounts, and never download pirated or other software from obscure sources.

In the most recent attacks seen by Zscaler, StealC was deployed by Amadey, a separate malware loader, though different operators could differentiate the delivery methods or attack chains.

In late 2024, it was confirmed that StealC development remained very active, with its developers adding a bypass mechanism for Chrome's 'App-Bound Encryption' cookie-theft defenses, allowing the "regeneration" of expired cookies for hijacking Google accounts.

The latest version of StealC was actually made available to cybercriminals in March 2025, but Zscaler researchers who analyzed it have only just published a detailed write-up.

StealC is a lightweight info-stealer malware that gained traction on the dark web in early 2023, selling access for $200/month.

These might indicate an effort to make the malware leaner, but they may also be collateral damage from major code rework and could be re-introduced in better form in future versions.

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 04 May 2025 15:35:05 +0000