"StealC harvests browser credentials, email logins, cryptocurrency wallet data, and system information, enabling account takeover, fraud, and lateral movement. These risks are amplified by a multi-stage, largely in-memory infection chain that complicates detection and forensic analysis. The attack begins when a user visits an otherwise legitimate website that has been compromised by threat actors. Malicious JavaScript embedded in the site loads a fake CAPTCHA page that closely mimics Cloudflare's verification interface."
"Instead of presenting a visual challenge, the page instructs the user to press Windows Key + R, then Ctrl + V, and finally Enter, claiming these steps are necessary to complete the verification process. This approach, referred to as ClickFix, exploits the fact that users rarely question simple keyboard instructions when they believe they are interacting with a trusted security control."
Compromised legitimate websites load malicious JavaScript that displays a convincing Cloudflare-style CAPTCHA page and instructs users to press Windows Key + R, then Ctrl + V, and Enter to complete verification. A malicious PowerShell command is preplaced on the clipboard and executes when the victim follows the instructions. StealC operates as a multi-stage, largely in-memory infection chain that complicates detection and forensic analysis. The malware exfiltrates browser credentials, cryptocurrency wallets, Steam and Outlook credentials, system information, and screenshots to a command-and-control server using RC4-encrypted HTTP. Harvested data enables account takeover, fraud, and lateral movement within networks.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]