The creators of StealC, a widely-used info stealer and malware downloader, have launched its second main model, bringing a number of stealth and information theft enhancements.
The most recent model of StealC was truly made out there to cybercriminals in March 2025, however Zscaler researchers who analyzed it simply revealed an in depth write-up.
Within the weeks that adopted its launch, a number of minor bug fixes and level releases added new options, with the newest being model 2.2.4.
StealC is a light-weight info-stealer malware that gained traction on the darkish internet in early 2023, promoting entry for $200/month.
In 2024, it was noticed in large-scale malvertising campaigns and assaults locking methods into inescapable kiosk modes.
In late 2024, it was confirmed that StealC improvement remained very lively, with its builders including a bypassing mechanism for Chrome’s ‘App-Sure Encryption’ cookie-theft defenses, permitting the “regeneration” of expired cookies for hijacking Google accounts.
New in newest model
Model 2 (and later) was introduced in March 2025. In response to Zscaler’s evaluation, it brings the next main enhancements:
- Payload supply enhancements with assist for EXE recordsdata, MSI packages, and PowerShell scripts, and configurable payload triggering.
- RC4 encryption was added for code strings and command-and-control (C2) communications, with random parameters in C2 responses for higher evasion.
- Structure and execution enhancements with new payloads compiled for 64-bit methods, resolving API capabilities dynamically at runtime, and introducing a self-deletion routine.
- New embedded builder that enables operators to generate new StealC builds utilizing templates and customized information theft guidelines.
- Added Telegram bot assist for real-time alerts to operators.
- Added functionality to screenshot the sufferer’s desktop with multi-monitor assist.
Supply: Zscaler
Nonetheless, aside from the function additions, there have additionally been some notable removals, just like the anti-VM checks and DLL downloading/execution.
These may point out an effort to make the malware leaner, however they might even be collateral injury from main code rework and could possibly be re-introduced in higher type in future variations.
Supply: Zscaler
In the newest assaults seen by Zscaler, StealC was deployed by Amadey, a separate malware loader, although completely different operators may differentiate the supply strategies or assault chains.
To guard your information from info-stealer malware, keep away from storing delicate info in your browser for comfort, use multi-factor authentication to guard your accounts, and by no means obtain pirated or different software program from obscure sources.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK methods behind 93% of assaults and the right way to defend in opposition to them.
