Kaspersky Unveils New Stealers
In the ongoing battle against cyber threats, Kaspersky’s Global Research and Analysis Team (GReAT) has uncovered three new stealers: Acrid, ScarletStealer, and an evolved form of Sys01. These findings are detailed in the latest report, shedding light on the evolving tactics of cybercriminals.
Discovered in December of last year, Acrid is a fresh addition to the stealer landscape. Although it is built as a 32-bit binary, a rarity in today’s predominantly 64-bit environment, Acrid uses the “Heaven’s Gate” technique, which gives it access to 64-bit space and lets it circumvent security measures. It exhibits typical stealer functionality, including browser data theft, cryptocurrency wallet theft, and file exfiltration. While moderately sophisticated, with string encryption, Acrid lacks groundbreaking features.
ScarletStealer, identified alongside the analysis of the Penguish downloader, diverges from traditional stealers. Instead of directly stealing data, it downloads additional executables, predominantly targeting cryptocurrency wallets. Notably, ScarletStealer’s executables are digitally signed, a redundant practice considering its underdeveloped functionality and numerous flaws. Despite its shortcomings, ScarletStealer’s victims span the globe, with concentrations in Brazil, Turkey, and the USA.
Previously known as Album Stealer or S1deload Stealer, Sys01 undergoes a transformation, blending C# and PHP payloads. Its infection vector remains consistent, enticing users with malicious ZIP archives disguised as adult content. This latest iteration, named Newb, showcases divided functionality, with browser data collection segregated into a separate module called imageclass. The campaign’s victims, widespread but concentrated in Algeria, underscore the threat’s worldwide reach.
“The emergence of these new stealers serves as a stark reminder of the insatiable demand within the criminal underworld for tools facilitating data theft. With the potential for dire consequences such as financial losses and privacy breaches, it’s imperative for individuals and organisations alike to remain vigilant and adopt proactive cybersecurity measures. Kaspersky strongly advises maintaining up-to-date software, exercising caution during file downloads and attachment openings, and exploring robust security solutions like SystemWatcher to fortify defenses against ever-evolving threats,” commented Tatyana Shishkova, lead security researcher at Kaspersky’s GReAT.