
Stealc

Also known as:

Category: Malware

Type: Information stealer, trojan, password-stealing virus, banking malware.

Platform: Windows

Variants: -

Damage potential: Stolen credentials, identity theft, fraudulent transactions, financial loss.

Overview

Stealc is an advanced information-stealing malware that has been active since 2023. It's typically sold on Russian-speaking dark web forums as malware-as-a-service. The malware's presumed developer, Plymouth, describes Stealc as a non-resident stealer with flexible data collection settings. It was developed based on the models of other prominent stealers, such as Raccoon, Mars, Vidar, and Redline.

Stealc is mainly used to steal sensitive data collected from web browsers, extensions, and various applications, including crypto wallets, messengers, and email clients. The malware is written in the C programming language and uses a customizable file grabber to snatch the targeted files. Using the stolen credentials, cybercriminals unlock the target’s accounts to make transactions or send spam emails to spread the malware further.

Possible symptoms

Since Stealc collects and sends information, it often causes an unusual increase in disk and network activity. Other possible symptoms include:

  • Inability to start the computer in safe mode.
  • Sudden system crashes.
  • Slower computer performance than usual.
  • Trouble logging into your accounts, even if your credentials are correct.
  • Unexpected account activities, such as changed settings and passwords, or unrecognized messages in your Sent folder.

Sources of infection

Like most other types of malware, Stealc spreads through infected email attachments, malicious ads, pirated software, and P2P (peer-to-peer) sharing of malware-ridden files.

Protection

You can protect yourself from Stealc and similar threats by being cautious online:

  • Don’t open files or links in suspicious emails, especially from unknown senders.
  • Only download software from official websites.
  • Scan downloaded files for malware and hide harmful ads with NordVPN’s Threat Protection Pro™.
  • Make sure your operating system and all software are updated.
  • Enable multi-factor authentication (MFA) to prevent cybercriminals from accessing your accounts, even if they stole your passwords.

Removal

If you think your device might be infected by Stealc, use a reliable antivirus solution to detect and remove the threat:

  • Run a full system scan.
  • Follow the steps suggested by your antivirus software.
  • Run a post-removal scan to ensure no traces are left.