The second major version of StealC, an information stealer and malware downloader, has been released with numerous enhancements to its stealth and data-theft capabilities. Although it has been available to cybercriminals since March 2025, Zscaler researchers have only recently published a detailed analysis of its features and improvements. The malware continues to adapt and evolve, suggesting increased activity in its development and deployment strategies.
Key points:
- StealC is a lightweight malware that gained popularity in early 2023, selling access for 0/month on the dark web.
- The latest version (2.2.4) includes enhancements for payload delivery, supporting EXE files, MSI packages, and PowerShell scripts.
- RC4 encryption has been added for C2 communications, improving evasion tactics.
- New payloads are now compiled for 64-bit systems, and a self-deletion routine has been introduced.
- Operators can generate custom builds with a new embedded builder and receive real-time alerts through a Telegram bot.
- The malware has removed anti-VM checks and DLL downloading/execution, suggesting efforts to streamline its design.
- Recent attacks utilized StealC deployed by the Amadey malware loader, indicating diverse delivery methods.
- Recommendations for protecting against info-stealer malware include not storing sensitive data in browsers and using multi-factor authentication.