StealC Malware Upgraded with Enhanced Data Theft and Stealth Features

The developers behind StealC malware have launched version 2, introducing advanced data theft capabilities and stealth improvements.

Version 2 was initially released in March 2025 and has since received several updates, including version 2.2.4, adding features such as RC4 encryption for C2 communication, 64-bit payload support, and runtime API resolution.

StealC also now supports multiple payload types (EXE, MSI, PowerShell) and includes tools like a builder for custom data theft rules and Telegram alerts for operators.

It can also take screenshots of victims' desktops, even across multiple monitors. Notably, some features like anti-VM checks and DLL execution were removed, possibly for streamlining or future refinement.

Zscaler observed the malware being delivered by the Amadey loader in recent campaigns. Users are advised to avoid saving sensitive information in browsers, use MFA, and steer clear of pirated software to stay protected.
