Summary
- Zscaler discovered a new information stealer called Statc Stealer.
- Statc Stealer is a sophisticated malware targeting Windows devices to steal sensitive information.
- The malware disguises itself as authentic Google ads (and .mp4 file) to infect systems.
- Stealing capabilities include data from web browsers, crypto wallets, credentials, and messaging apps including Telegram.
- Statc Stealer uses C++ code, evasion techniques, and encryption to hide its actions.
- The attack chain involves malvertising, dropper, downloader files, and PowerShell scripts.
- Stolen data is encrypted and sent to a command-and-control (C&C) server.
- Popular Windows browsers like Chrome, Edge, Brave, and others are targeted.
The malware disguises itself as authentic Google ads
Let this be yet another reminder that you should always browse with some kind of AdBlock enabled.
No block, go watch ad!
Google probably while DRMing the web.
deleted by creator
You don’t need admin access to do a lot of damage on a windows system. From the user space, a malware can:
- Exfiltrate files
- Read memory of other processes
- Read all user credentials from the credential store, including from TPM
- If the malware can fool the user to authenticate using Windows Hello, even the password managers that store encrypted secrets in credential stores aren’t safe:
See this same class of malware at (unfortunate link, but you can see the detailed discussions there): https://www.reddit.com/r/Bitwarden/comments/14r29p6/meduza_stealer_will_steal_on_windows_browser/
deleted by creator
In 2008 I went mac and never turned back. Please, don’t tell me about the rare invulnerability of OS X. I get that…I have had zero problems for 15 years. That’s right! No problems at all. Up until 2008, as a Windows user, it was every fucking day.
deleted by creator
I’ve only gotten malware on windows once, and I was doing something pretty dodgy “downloading linux ISOs” while half asleep. But it requires some effort to stay away from and on mac you almost don’t have to think about it.
Macs do literally nothing I need a computer to do aside from web browsing, so I never got into them, always opting for thinkpads with windows or linux on them for my work machines and desktops with windows for gaming. If they fit your use case they are amazing though.
