Summary

• Zscaler discovered a new information stealer called Statc Stealer.
• Statc Stealer is a sophisticated malware targeting Windows devices to steal sensitive information.
• The malware disguises itself as authentic Google ads (and .mp4 file) to infect systems.
• Stealing capabilities include data from web browsers, crypto wallets, credentials, and messaging apps including Telegram.
• Statc Stealer uses C++ code, evasion techniques, and encryption to hide its actions.
• The attack chain involves malvertising, dropper, downloader files, and PowerShell scripts.
• Stolen data is encrypted and sent to a command-and-control (C&C) server.
• Popular Windows browsers like Chrome, Edge, Brave, and others are targeted.