Cybersecurity researchers have uncovered the Stealit malware campaign, which uses Node.js SEA and Electron frameworks to distribute malicious payloads through fake installers for popular applications. The threat actors offer a subscription-based service that includes a remote access Trojan capable of data extraction, webcam control, and ransomware deployment.
Key points
- The Stealit malware campaign exploits Node.js' SEA feature to distribute payloads as standalone executables.
- It uses fake installers for games and VPNs uploaded to file-sharing sites like MediaFire and Discord.
- The malware offers a subscription-based service with remote access tools supporting data theft and ransomware.
- It employs anti-analysis checks and evades Defender Antivirus by configuring exclusions and hiding components.
- The malware's functions include browser data extraction, messaging app monitoring, and persistence setup with real-time screen streaming.
Read More: https://thehackernews.com/2025/10/stealit-malware-abuses-nodejs-single.html