Threats Tagged 'stealc'

Infostealers remain among the most pervasive cybercrime threats, silently harvesting passwords, cookies, and session tokens that enable enterprise breaches. StealC is a malware-as-a-service infostealer written in C++ that collects credentials from browsers, cryptocurrency wallets, messaging applications, email clients, and gaming platforms while functioning as a secondary loader. Amadey operates as a modular backdoor loader active since 2018, delivering downstream payloads including StealC, Lumma Stealer, and ransomware through various backdoor commands. Both operate on commodity rental models where stolen credentials flow through underground markets to access brokers who resell enterprise access. On June 24, 2026, Microsoft's Digital Crimes Unit coordinated with Europol to disrupt over 200 malicious command-and-control domains supporting these operations, using AI-assisted analysis tools including Microsoft Copilot for binary analysis and configuration extraction.

On May 14, 2026, a supply chain attack was discovered targeting the Okendo Reviews widget, a customer review platform used by over 18,000 brands. The threat actor injected malicious JavaScript code into the legitimate widget, which is deployed on high-traffic e-commerce pages including storefronts and product pages. The compromised JavaScript acted as a staged loader, using obfuscation, localStorage tracking, User-Agent filtering, and XOR-based decoding to conceal next-stage infrastructure. The attack employed ClickFix-style social engineering to deceive users into executing malicious commands, ultimately delivering remote access trojans like NetSupport and Remcos, or information stealers such as StealC. Affected websites received hundreds of thousands to millions of monthly visitors, with nearly 15,000 blocks recorded in a single day.