The creators of StealC, a widely-used data stealer and malware downloader, have launched its second main model, bringing a number of stealth and knowledge theft enhancements.
The newest model of StealC was truly made out there to cybercriminals in March 2025, however Zscaler researchers who analyzed it simply revealed an in depth write-up.
Within the weeks that adopted its launch, a number of minor bug fixes and level releases added new options, with the newest being model 2.2.4.
StealC is a light-weight info-stealer malware that gained traction on the darkish net in early 2023, promoting entry for $200/month.
In 2024, it was noticed in large-scale malvertising campaigns and assaults locking programs into inescapable kiosk modes.
In late 2024, it was confirmed that StealC growth remained very energetic, with its builders including a bypassing mechanism for Chrome’s ‘App-Certain Encryption’ cookie-theft defenses, permitting the “regeneration” of expired cookies for hijacking Google accounts.
New in newest model
Model 2 (and later) was introduced in March 2025. In accordance with Zscaler’s evaluation, it brings the next main enhancements:
- Payload supply enhancements with help for EXE recordsdata, MSI packages, and PowerShell scripts, and configurable payload triggering.
- RC4 encryption was added for code strings and command-and-control (C2) communications, with random parameters in C2 responses for higher evasion.
- Structure and execution enhancements with new payloads compiled for 64-bit programs, resolving API capabilities dynamically at runtime, and introducing a self-deletion routine.
- New embedded builder that permits operators to generate new StealC builds utilizing templates and customized knowledge theft guidelines.
- Added Telegram bot help for real-time alerts to operators.
- Added functionality to screenshot the sufferer’s desktop with multi-monitor help.
Supply: Zscaler
Nonetheless, aside from the function additions, there have additionally been some notable removals, just like the anti-VM checks and DLL downloading/execution.
These would possibly point out an effort to make the malware leaner, however they might even be collateral injury from main code rework and could possibly be re-introduced in higher type in future variations.
Supply: Zscaler
In the latest assaults seen by Zscaler, StealC was deployed by Amadey, a separate malware loader, although totally different operators might differentiate the supply strategies or assault chains.
To guard your knowledge from info-stealer malware, keep away from storing delicate data in your browser for comfort, use multi-factor authentication to guard your accounts, and by no means obtain pirated or different software program from obscure sources.
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and learn how to defend towards them.
