Bitcoin Forum
Topic: [Warning]: Statc Stealer, targets crypto wallets and sensitive information

Dave1 (OP)
Hero Member
August 11, 2023, 07:40:21 AM
#1

Another variant of crypto stealer has been discovered lately, called Statc Stealer. It is defined as sophisticated malware that targets Windows OS for now and steals sensitive information, including web browser, crypto wallet and other social media platform passwords. It is so sophisticated that it was developed using C++ and so has evading skills and sandbox detection.

Mode of infection:

Quote
The Zscaler ThreatLabz team recently discovered Statc Stealer. This malicious software gains access to a victim’s data by appearing like an authentic Google advertisement. Once the victim clicks on the advertisement, their operating system is infected with malicious code that steals sensitive data like credentials from web browsers, credit card information, and cryptocurrency wallet details. Unauthorized access to a victim’s computer system can have enormous personal and professional repercussions. Victims become easy targets for identity theft, cryptojacking, and other forms of malware attacks. At the enterprise level, a Statc Stealer breach can result in financial loss, reputational damage, legal liabilities, and regulatory penalties.

Attack Chain: (diagram not captured)
So once you download it onto your system, it will steal every piece of information it can find and then send it to a command and control server. So they will have total control of your system then.

Targeted Browsers:

- Chrome
- Microsoft Edge
- Brave
- Opera
- Yandex
- Mozilla Firefox

Stealing auto-fill data:

- Usernames and passwords
- Email
- Credit card details
- Personal addresses
- Payment information

Crypto related wallets:

- Cryptocom-Wallet
- Petra-aptos-wallet
- exodus-web3-wallet
- bitkeep-crypto-nft-wallet
- liquality-wallet
- ethos-sui-wallet
- suite-sui-wallet
- tallsman-polkadot-wallet
- Enkrypt-ethereum-polkadot
- leap-cosmos-wallet
- pontem-aptos-wallet
- fewcha-move-wallet
- rise-aptos-wallet
- teleport-wallet
- martin-wallet-aptos-sui
- avana-wallet-solana-wallet
- glow-solana-wallet-beta
- solflare-wallet

https://www.zscaler.com/blogs/security-research/statc-stealer-decoding-elusive-malware-threat

So we should really be careful of what we click and download on the net right now, especially if we are using the same PC or laptop for our crypto-related activities, including wallet software, as we might be the next victim of this kind of malware.
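As an added, defender-side example (mine, not the poster's or Zscaler's): a Python triage script that reads the display names of installed Chromium extensions and reports which ones fall on the wallet list above, so someone using a shared machine knows which wallets to move funds out of and re-key. It assumes Chrome's on-disk layout, Extensions/<id>/<version>/manifest.json, with __MSG_ localisation placeholders resolved from _locales; the sample profile it builds is constructed.

```python
import json
import re
import tempfile
from pathlib import Path

TARGETED_WALLETS = [  # extension slugs exactly as listed in the post above
    "Cryptocom-Wallet", "Petra-aptos-wallet", "exodus-web3-wallet", "bitkeep-crypto-nft-wallet",
    "liquality-wallet", "ethos-sui-wallet", "suite-sui-wallet", "tallsman-polkadot-wallet",
    "Enkrypt-ethereum-polkadot", "leap-cosmos-wallet", "pontem-aptos-wallet", "fewcha-move-wallet",
    "rise-aptos-wallet", "teleport-wallet", "martin-wallet-aptos-sui", "avana-wallet-solana-wallet",
    "glow-solana-wallet-beta", "solflare-wallet",
]
GENERIC = {"", "wallet", "beta", "crypto", "nft", "web3", "extension"}  # tokens that identify nothing

def tokens(text):
    """Lower-case word tokens with dots dropped, so 'Crypto.com' and 'Cryptocom' agree."""
    return set(re.split(r"[^a-z0-9]+", text.lower().replace(".", ""))) - GENERIC

def match_wallet(extension_name):
    """Return the listed slug whose brand (its first token) occurs in the extension name, else None."""
    name_tokens = tokens(extension_name)
    for slug in TARGETED_WALLETS:
        if slug.lower().split("-")[0] in name_tokens:
            return slug
    return None

def extension_name(manifest_path):
    """Display name from a manifest.json, resolving Chrome's __MSG_key__ localisation placeholders."""
    manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        messages = manifest_path.parent / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        if messages.exists():
            name = json.loads(messages.read_text(encoding="utf-8")).get(name[6:-2], {}).get("message", name)
    return name

def scan_extensions(extensions_dir):
    """Map extension id -> (display name, listed slug); layout assumed: <dir>/<id>/<version>/manifest.json."""
    hits = {}
    for manifest in Path(extensions_dir).glob("*/*/manifest.json"):
        slug = match_wallet(name := extension_name(manifest))
        if slug:
            hits[manifest.parent.parent.name] = (name, slug)
    return hits

def demo_profile():
    """Constructed sample Extensions directory (not a real profile) with two listed wallets and one other."""
    root = Path(tempfile.mkdtemp())
    def put(ext_id, rel, data):
        path = root / ext_id / "1.0" / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(json.dumps(data), encoding="utf-8")
    put("aaaa", "manifest.json", {"name": "Solflare Wallet"})
    put("bbbb", "manifest.json", {"name": "__MSG_appName__", "default_locale": "en"})
    put("bbbb", "_locales/en/messages.json", {"appName": {"message": "Crypto.com | Wallet Extension"}})
    put("cccc", "manifest.json", {"name": "Example Tab Manager"})
    return root
```

On a real machine, point scan_extensions at the profile's Extensions folder (on Windows, under %LOCALAPPDATA%\Google\Chrome\User Data\Default) instead of demo_profile(); the brand-token match is deliberately loose, so treat hits as a list to review, not proof of compromise.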

lovesmayfamilis
Legendary
August 11, 2023, 08:25:58 AM
#2


Quote
So we should really be careful of what we click and download on the net right now, especially if we are using the same PC or laptop for our crypto-related activities, including wallet software, as we might be the next victim of this kind of malware.


It's bound to happen someday. People working with Windows are doomed to receive widespread surveillance from the manufacturer and regular attacks from hackers. Of course, hacker groups like Lazarus will not mess with small users; however, their partners do not disdain small prey. And most often, lovers of Windows systems fall for the bait. But in no way am I overestimating the merits of Linux systems, or the idea that they will be a panacea for viruses; nevertheless, the use of these systems and constant monitoring of security will provide some guarantee.

ImThour
Copper Member, Legendary
August 11, 2023, 08:38:18 AM
#3

Very informative and true. This is happening to the biggest YouTubers and content creators, and also to the crypto influencers who are famous on Twitter. They are often sent a PDF file which they claim is the terms and conditions for their new $120k per month sponsorship for a crypto project, and they simply put a virus in their system which copies all the data as mentioned in the post above. I have seen this happening to many of them, and in fact some of them lost everything they had in their wallets. Never download any PDF or document from an untrusted resource.
Sandra_hakeem
Hero Member
August 11, 2023, 07:09:23 PM
#4

Cyber insecurity is almost becoming a repugnant act in the world today... how insane they must have grown this whole time, without hesitations and reconsiderations on the damages and the instillation of deceptive perception as to how 'em rookies would begin to rate this whole cryptography in years to come... This is appalling!!
I sometimes find every reason to think that the ecosystem is supposed to engage in self-rehabilitation by now, or better still, peeps should've learnt their lessons and begun whatever stakes they've got in a more secure wallet system....
WICS: Hey y'all, these dudes ain't even joking... They don't seem to have a quitting attitude anytime soon... Let's be informative with this. Be careful of whatever data you save on software applications.

Sandra 🧑‍🦰
Dave1 (OP)
Hero Member
August 12, 2023, 03:42:05 AM
#5

Quote
Very informative and true. This is happening to the biggest YouTubers and content creators, and also to the crypto influencers who are famous on Twitter. They are often sent a PDF file which they claim is the terms and conditions for their new $120k per month sponsorship for a crypto project, and they simply put a virus in their system which copies all the data as mentioned in the post above. I have seen this happening to many of them, and in fact some of them lost everything they had in their wallets. Never download any PDF or document from an untrusted resource.

Yes, I came across those YouTube influencers, but we know, right? We shouldn't be downloading any of them, as we shouldn't trust anyone in the crypto sphere, not even those so-called influencers, because we don't know what their intention is behind it.

Maybe they are supposedly helping us, but at the back of it, if you download something from them, like harmless PDF files or even the videos themselves, it could contain some malware that can quickly sniff everything in our computers.

vv181
Legendary
August 12, 2023, 04:15:21 AM
#6

Quote
Once the victim clicks on the advertisement, their operating system is infected with malicious code

That phrasing suggests the operating system is immediately infected after the user clicks the ad, which is completely wrong according to the detailed technical information, in which the malware has to be executed. I don't know if Google Chrome has an auto-run feature in the download configuration, but if it exists, that might explain the possibility.

Also, I don't think malware developed in C++ can simply be called sophisticated, since a lot of malware is developed with that programming language, as has also been addressed in the article.



Quote
They are often sent a PDF file which they claim is the terms and conditions for their new $120k per month sponsorship ~ and they simply put a virus in their system which copies all the data as mentioned in the post above. Never download any PDF or document from an untrusted resource.

Exactly, and the one who is being targeted is the one who manages partnerships and related stuff, who can be said to be the weak link of the organization. It is essential to do basic checking; besides the email provider's scam/spam filter, one must exercise good digital security practices, say scanning any file with VirusTotal or any related malware web scanner service.
tech30338
Full Member
August 12, 2023, 05:41:55 AM
#7

Quote
Another variant of crypto stealer has been discovered lately, called Statc Stealer. It is defined as sophisticated malware that targets Windows OS for now and steals sensitive information, including web browser, crypto wallet and other social media platform passwords. It is so sophisticated that it was developed using C++ and so has evading skills and sandbox detection.

Mode of infection:

Quote
The Zscaler ThreatLabz team recently discovered Statc Stealer. This malicious software gains access to a victim’s data by appearing like an authentic Google advertisement. Once the victim clicks on the advertisement, their operating system is infected with malicious code that steals sensitive data like credentials from web browsers, credit card information, and cryptocurrency wallet details. Unauthorized access to a victim’s computer system can have enormous personal and professional repercussions. Victims become easy targets for identity theft, cryptojacking, and other forms of malware attacks. At the enterprise level, a Statc Stealer breach can result in financial loss, reputational damage, legal liabilities, and regulatory penalties.

Attack Chain: (diagram not captured)
So once you download it onto your system, it will steal every piece of information it can find and then send it to a command and control server. So they will have total control of your system then.

Targeted Browsers:

- Chrome
- Microsoft Edge
- Brave
- Opera
- Yandex
- Mozilla Firefox

Stealing auto-fill data:

- Usernames and passwords
- Email
- Credit card details
- Personal addresses
- Payment information

Crypto related wallets:

- Cryptocom-Wallet
- Petra-aptos-wallet
- exodus-web3-wallet
- bitkeep-crypto-nft-wallet
- liquality-wallet
- ethos-sui-wallet
- suite-sui-wallet
- tallsman-polkadot-wallet
- Enkrypt-ethereum-polkadot
- leap-cosmos-wallet
- pontem-aptos-wallet
- fewcha-move-wallet
- rise-aptos-wallet
- teleport-wallet
- martin-wallet-aptos-sui
- avana-wallet-solana-wallet
- glow-solana-wallet-beta
- solflare-wallet

https://www.zscaler.com/blogs/security-research/statc-stealer-decoding-elusive-malware-threat

So we should really be careful of what we click and download on the net right now, especially if we are using the same PC or laptop for our crypto-related activities, including wallet software, as we might be the next victim of this kind of malware.

This is why you just allow an application to automatically run and install in your system; a decent antivirus is really needed. When I started going to a computer shop, almost all of their computers were infected with viruses. They had antivirus, but since they allowed the application to run, the antivirus couldn't do anything about it since it had already been bypassed.
Having an antivirus is a must for computers that are into crypto; making the settings sensitive to running applications is also necessary. I saw other people who disabled their antivirus to be able to run an application, without knowing what they were running in the first place.
Windows users are most prone to these types of attack; that is why hackers target Windows users.
The best advice I can give to those people who are always making mistakes is: don't click anything you don't know, because once they are inside there is no turning back, even if you have a backup, since these malwares were designed to take over and steal anything in your computer and send it to their server.

Jating
Hero Member
August 12, 2023, 11:04:14 AM
#8

^^ But if you read it, these malwares are so advanced right now that they can detect everything, like if your system is in a sandbox. Or better, they will know what AV you run and have the capability to disable it at any time they want. Or they have stealth capability such that even a decent anti-virus might not detect them early, before it's too late.

The lesson here is not to trust anything or anyone, especially in the crypto space. If someone says that you have to download something, then doubt that source and don't install or download it.
Yaunfitda
Hero Member
August 14, 2023, 11:41:34 PM
#9


Quote
So we should really be careful of what we click and download on the net right now, especially if we are using the same PC or laptop for our crypto-related activities, including wallet software, as we might be the next victim of this kind of malware.

Quote
It's bound to happen someday. People working with Windows are doomed to receive widespread surveillance from the manufacturer and regular attacks from hackers. Of course, hacker groups like Lazarus will not mess with small users; however, their partners do not disdain small prey. And most often, lovers of Windows systems fall for the bait. But in no way am I overestimating the merits of Linux systems, or the idea that they will be a panacea for viruses; nevertheless, the use of these systems and constant monitoring of security will provide some guarantee.

Yes, if I'm not mistaken, I've read somewhere that 80% of all malware/viruses has been written specifically for Windows. Although I have been a MacBook user for years, hence not using Windows, sometimes I will still use it on my other laptops, but I don't have my crypto or anything crypto-related on those machines.

As for this malware, I guess education should be the number 1 priority if we are into crypto. And the old saying to never download or click anything from any source still remains one of the best pieces of advice that we can find in the crypto space.

Nwada001
Hero Member
August 15, 2023, 11:09:45 PM
#10

Quote
^^ But if you read it, these malwares are so advanced right now that they can detect everything, like if your system is in a sandbox. Or better, they will know what AV you run and have the capability to disable it at any time they want. Or they have stealth capability such that even a decent anti-virus might not detect them early, before it's too late.

Just imagine someone who is overly dependent on his or her paid anti-virus, looking at it as if they have the highest security measure activated in their Windows, which gives them the right to access whatever site they feel like accessing without giving it a second thought, thinking that when they run into something dangerous, their anti-virus will alert them immediately, but instead the said anti-virus can be disabled by what it was supposed to be protecting against.

This is one of the reasons why, no matter how secure we feel about the device that we are using, whether Windows or Linux, if we have anything relating to finance, wallet storage, crypto login accounts, and all of that, we should avoid using such a device to visit the internet more often, unless on specific sites that we have bookmarked and regularly use, and also avoid clicking and opening links from an unknown sender or advertiser.
