Uncover a new version of the StealC malware with advanced stealth features and powerful data theft tools.
StealC first appeared on underground forums in early 2023, sold as a subscription for \$200 per month, and it has evolved rapidly since. In 2024, reports tied it to large malvertising campaigns and to attacks that lock the victim's browser in kiosk mode to pressure them into entering credentials.
By late 2024, the developers had added a bypass for Chrome's cookie protections that let operators regenerate expired session cookies and hijack Google accounts. This was a major leap in capability: a stolen session no longer dies when the original cookie expires or the victim logs out, so a password reset alone does not evict the attacker.
In March 2025, a major update introduced StealC version 2. It can deliver follow-on payloads as EXE files, MSI installers, or PowerShell scripts, and operators can set custom trigger conditions that decide when a payload runs.
To hinder detection and analysis, the malware now RC4-encrypts the strings in its code and its command-and-control (C2) communications, and it randomizes C2 responses so that network signatures written against a fixed response format no longer match. RC4 is a weak cipher, but strength is beside the point here: a per-build key is enough to defeat naive string and traffic matching, and the analyst's first job becomes recovering that key from the sample so the strings and traffic can be read.
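The following is an added example, not code from the StealC authors or from any vendor report: a small RC4 helper of the kind an analyst keeps at hand for decoding strings and C2 traffic from an RC4-obfuscated sample, with a key-recovery check for the common case where the key is not yet known. The key `SAMPLE_KEY`, the candidate key list, and the "embedded strings" are constructed for this example and are not real StealC indicators; the key-recovery heuristic (printable-ASCII output) is an assumption that works for URL and path strings but not for binary configuration blobs.

```python
# Added example, not StealC's own code: RC4 decode + candidate-key
# recovery for triaging a sample that RC4-encrypts its strings/traffic.
# SAMPLE_KEY, the candidate keys and the sample strings are constructed
# for this example and are not real indicators.
from typing import Iterator, Optional, Sequence


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Yield RC4 keystream bytes for `key` (KSA followed by PRGA)."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:                               # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def looks_like_text(data: bytes) -> bool:
    """Heuristic for judging a candidate decryption: printable ASCII only."""
    return len(data) > 0 and all(0x20 <= b < 0x7F or b in b"\r\n\t" for b in data)


def recover_key(blob: bytes, candidates: Sequence[bytes]) -> Optional[bytes]:
    """Return the first candidate key whose decryption of `blob` reads as text.

    In practice the candidates come from short strings found near the
    decryption routine in the binary, or from keys seen in earlier builds.
    """
    for key in candidates:
        if looks_like_text(rc4(key, blob)):
            return key
    return None


# Constructed sample material (not real indicators): a per-build key and
# three "embedded strings" stored the way an RC4-obfuscating binary would.
SAMPLE_KEY = b"build-7f3a"
SAMPLE_PLAINTEXTS = [
    b"https://203.0.113.10/gate.php",                          # TEST-NET-3 address
    b"\\Google\\Chrome\\User Data\\Default\\Network\\Cookies",
    b"api.telegram.org",
]
SAMPLE_BLOBS = [rc4(SAMPLE_KEY, p) for p in SAMPLE_PLAINTEXTS]


def decrypt_strings(key: bytes, blobs: Sequence[bytes]) -> list:
    """Decrypt every string blob with one key, as done when triaging a build."""
    return [rc4(key, b).decode("ascii", errors="replace") for b in blobs]


if __name__ == "__main__":
    candidates = [b"default", b"stealc", SAMPLE_KEY]   # constructed guesses
    key = recover_key(SAMPLE_BLOBS[0], candidates)
    print("recovered key:", key)
    for s in decrypt_strings(key, SAMPLE_BLOBS):
        print(" ", s)
```

The same `rc4` call decodes captured C2 traffic once the key is known; because v2 randomizes the server's responses, the useful signature is the decrypted request structure rather than the ciphertext, which is why a decoder like this matters more than a byte pattern.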
The update also brought a self-deletion routine, native 64-bit payloads, and runtime API resolution. Each targets a different defender: self-deletion removes the dropped executable after it runs, leaving less for forensic collection; runtime API resolution keeps the import table nearly empty, so static scanners do not see the usual telltale Windows API imports; 64-bit payloads match the modern hosts it is aimed at. A builder lets operators generate customized builds with specific data-theft rules, so file hashes and embedded strings vary from one customer's build to the next.
StealC now also supports Telegram bot notifications, so operators receive real-time alerts on new infections, and it can capture screenshots across multiple monitors. The Telegram channel is also a detection opportunity: a non-messaging process connecting to Telegram's bot API is rarely legitimate on a corporate endpoint.
Some features were removed, including anti-VM checks and DLL loading. This may be an effort to make the malware lighter, or a side effect of ongoing code restructuring, and the features may return in later updates. For sandbox operators the loss of anti-VM checks is a small win: a v2 sample will detonate in an analysis VM that earlier builds might have refused to run in.
Recent attacks delivered StealC through the Amadey loader, but because StealC is sold as a service, other operators may use other delivery methods, which makes the threat more diverse and harder to trace.
How to Protect Against StealC Malware
To defend against threats like StealC, users and organizations must stay alert. Keep software updated to close known security flaws, and do not download software from, or click ads served by, unknown sources; malvertising has been one of StealC's main delivery channels.
Strong endpoint protection with real-time behavioral monitoring helps spot unusual activity early. Behaviors that fit the v2 feature set described above include a process deleting its own executable, a binary with an almost empty import table resolving APIs at runtime, and unexpected connections to Telegram's bot API. Do not run unsolicited scripts, and verify email attachments and links before opening them.
Training staff to recognize social engineering such as phishing adds another layer of defense. Finally, because infostealers exfiltrate credentials and session cookies, an incident response plan for an infection should include resetting passwords and revoking active sessions for every account the victim used on the machine, alongside backups for recovery.
Sleep well, we've got you covered.