A cybersecurity researcher exploited a cross-site scripting (XSS) vulnerability in the StealC malware control panel to observe attacker activity and gather intelligence. The flaw enabled session hijacking and operator profiling, potentially disrupting the malwareโs operations. #StealC #XSSvulnerability
Keypoints
- The StealC malware gained popularity in early 2023 on dark web channels.
- CyberArk researchers identified an XSS flaw in the malwareโs control panel allowing session hijacking.
- The vulnerability revealed details about threat actorsโ hardware, location, and active sessions.
- StealC version 2.0 added Telegram alerts and customizable build features before the source code leak.
- The exposure of the flaw aims to disrupt increasing StealC operations amid rising threats.