Published: October 17, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
Let us fill you in on something new in the world of cybercrime, because well, you should be aware of it. There's a malicious program discovered by researchers at Zscaler Threatlabz called Statc Stealer. It’s lurking out there, ready to snatch your precious data from Windows devices. It's like a digital pickpocket that can pilfer sensitive info from your web browsers, including login data, cookies, and even your autofill data.
Of course, not one to stick to just being a one-trick pony, it can do more. It's also got a hankering for cryptocurrency wallets too, nabbing credentials, passwords, and even data from messaging apps like Telegram. This Statc Stealer is slick. It's crafty enough to dodge sandbox and reverse engineering checks that are prevalent within IT of all sorts of organizations.
Here's how it works: Some unsuspecting soul clicks on what seems like a legitimate Google ad in their Chrome browser. Seems harmless enough. However, by doing that they unknowingly download the Initial Sample file from this malware. This file kicks off a chain reaction, executing a Decoy PDF Installer, which then brings in the Statc payload. Once it has your data, Statc Stealer encrypts it, puts it in a text file, and stores it away.
But it doesn't stop there. Statc Stealer connects to its command and control server to send over the stolen goodies. It's not real picky either; it targets popular Windows browsers like Chrome, Edge, and Firefox, as well as others. It swipes everything from cookies to cryptocurrency wallet information.
This Statc Stealer is a reminder that cybercriminals are getting craftier by the day making it harder for us to stay one step ahead. It may feel like we’re several steps behind, but we can do something to keep up:
Stay on top of current and past threats. They recirculate and evolve. If you know about them, you can catch them before they catch you.
Stay vigilant. Don’t give up or let your guard down. The cybercriminals are counting on that.
Keep researching. If you are looking for software or apps, check out reviews and make sure others haven’t reported problems before you download them.
Don’t just click. Be sure you know what you’re getting whenever you click a link, advertisement, attachment, or anything else. They are all fair game for hiding malware.
Always keep anti-virus/anti-malware products installed and updated on all of your devices. While they don’t catch it all, they will catch most and that’s a big help when it comes to your cybersecurity.
We may never get ahead in the cybersecurity race. However, being aware is a great way to stay even.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at email@example.com