Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Briefly

"Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. "By exploiting it, we were able to collect system fingerprints, monitor active sessions, and - in a twist that will surprise no one - steal cookies from the very infrastructure designed to steal them," CyberArk researcher Ari Novick said in a report published last week."
"StealC is an information stealer that first emerged in January 2023 under a malware-as-a-service (MaaS) model, allowing potential customers to leverage YouTube as a primary mechanism - a phenomenon called the YouTube Ghost Network - to distribute the malicious program by disguising it as cracks for popular software. Over the past year, the stealer has also been observed being propagated via rogue Blender Foundation files and a social engineering tactic known as FileFix."
"StealC, in the meantime, received updates of its own, offering Telegram bot integration for sending notifications, enhanced payload delivery, and a redesigned panel. The updated version was codenamed StealC V2. Weeks later, the source code for the malware's administration panel was leaked, providing an opportunity for the research community to identify characteristics of the threat actor's computers, such as general location indicators and computer hardware details, as well as retrieve active session cookies from their own machines."
A cross-site scripting (XSS) vulnerability exists in the web-based control panel used by operators of the StealC information stealer; researchers exploited it to collect system fingerprints, monitor active sessions, and steal session cookies from the panel itself. StealC first appeared in January 2023 as a malware-as-a-service (MaaS) offering and leveraged YouTube as a primary distribution mechanism via the YouTube Ghost Network, disguising the malware as cracks for popular software. Propagation techniques observed over the past year include rogue Blender Foundation files and a social engineering tactic known as FileFix. StealC later received updates adding Telegram bot integration for notifications, improved payload delivery, and a redesigned administration panel, released under the name StealC V2. A subsequent leak of the administration panel's source code exposed characteristics of the threat actor's machines (general location indicators and hardware details) and allowed retrieval of active session cookies. Exact technical details of the XSS flaw have been withheld to limit mitigation by operators or misuse by others.
Read at The Hacker News