Stealing More Than Just Cookies: The Evolving Malware Threat

In a disturbing development, the creators of StealC, a notorious information stealer and malware downloader, have released its second major version, packing enhanced stealth tools and data theft capabilities.

According to a recent analysis by Zscaler researchers, the latest version of StealC, version 2.2.4, was made available to cybercriminals in March 2025 and has since undergone several minor updates.

StealC, a lightweight malware that first gained traction on the dark web in early 2023, has been linked to large-scale malvertising campaigns and attacks that lock systems into inescapable kiosk modes.

Its developers have been actively updating the malware, adding features such as a bypass mechanism for Chrome’s ‘App-Bound Encryption’ cookie-theft defenses, which allows the “regeneration” of expired cookies for hijacking Google accounts.

The latest version of StealC brings several major improvements, including enhanced stealth capabilities and data theft tools.

However, the malware has also shed some of its previous features, including anti-VM checks and DLL downloading/execution. While this may indicate an effort to make the malware leaner, it could also be a result of major code rework and may be reintroduced in future versions.

StealC has been deployed by Amadey, a separate malware loader, in recent attacks seen by Zscaler. To protect your data from info-stealer malware, experts recommend avoiding storing sensitive information on your browser for convenience, using multi-factor authentication to protect your accounts, and never downloading pirated or other software from obscure sources.

The threat posed by StealC highlights the need for vigilance in the face of evolving malware threats. By staying informed and taking proactive steps to secure your digital assets, you can reduce the risk of falling victim to these types of attacks.

Let’s goo deeper. What’s StealC? Key Features, Distribution – Deployment, Prevention

StealC is a type of information stealer and malware downloader that has been gaining traction on the dark web since early 2023. It is a lightweight malware that can be easily distributed through various means, including malvertising campaigns, phishing attacks, and exploitation of vulnerabilities in software.

Key Features

Data Theft: StealC is designed to steal sensitive information from infected systems, including login credentials, credit card numbers, and other personal data.

Malware Downloader: StealC can download and install additional malware on infected systems, allowing attackers to gain further control and access to sensitive data.

Stealth Capabilities: StealC has been upgraded with enhanced stealth tools, making it difficult to detect and remove.

Bypass Mechanisms: StealC has a bypass mechanism for Chrome’s ‘App-Bound Encryption’ cookie-theft defenses, allowing attackers to regenerate expired cookies and hijack Google accounts.

Distribution and Deployment

Malvertising Campaigns: StealC has been linked to large-scale malvertising campaigns, which involve infecting websites with malicious code that downloads StealC onto unsuspecting users’ systems.

Phishing Attacks: StealC can be distributed through phishing attacks, where attackers send emails or messages with malicious links or attachments that download StealC onto victims’ systems.

Exploitation of Vulnerabilities: StealC can exploit vulnerabilities in software to gain access to infected systems.

Mitigation and Prevention

Avoid Storing Sensitive Information: Avoid storing sensitive information on your browser or in unsecured locations.

Use Multi-Factor Authentication: Use multi-factor authentication to protect your accounts and sensitive data.

Keep Software Up-to-Date: Keep your operating system, browser, and other software up-to-date with the latest security patches.

Use Anti-Virus Software: Use reputable anti-virus software to detect and remove malware, including StealC.

Be Cautious with Links and Attachments: Be cautious when clicking on links or opening attachments from unknown sources.