Statc Stealer | Zscaler ThreatLabz Blog
www.zscaler.com
Beware of Statc Stealer: Hidden in ads, it unleashes malicious files. Stay vigilant, protect your devices and data from this stealthy threat.

Summary

  • Zscaler discovered a new information stealer called Statc Stealer.
  • Statc Stealer is a sophisticated malware targeting Windows devices to steal sensitive information.
  • The malware disguises itself as authentic Google ads (and .mp4 file) to infect systems.
  • Stealing capabilities include data from web browsers, crypto wallets, credentials, and messaging apps including Telegram.
  • Statc Stealer uses C++ code, evasion techniques, and encryption to hide its actions.
  • The attack chain involves malvertising, dropper, downloader files, and PowerShell scripts.
  • Stolen data is encrypted and sent to a command-and-control (C&C) server.
  • Popular Windows browsers like Chrome, Edge, Brave, and others are targeted.
  • Raisin8659@monyet.ccOPEnglish
    4·
    2 years ago

    You don’t need admin access to do a lot of damage on a windows system. From the user space, a malware can:

    1. Exfiltrate files
    2. Read memory of other processes
    3. Read all user credentials from the credential store, including from TPM
    4. If the malware can fool the user to authenticate using Windows Hello, even the password managers that store encrypted secrets in credential stores aren’t safe:

    See this same class of malware at (unfortunate link, but you can see the detailed discussions there): https://www.reddit.com/r/Bitwarden/comments/14r29p6/meduza_stealer_will_steal_on_windows_browser/

    • cwagner@lemmy.cwagner.me
      3·
      2 years ago

      The discussion doesn’t actually add much (as it’s people without any extra knowledge), but the linked article there mentions the ability to bypass UAC