Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware reconbee.com/hackers-hija...
#hackers #hijack #stealCV2 #datastealing #DataSecurity #DataProtection #cyberattack
Fake CAPTCHA page generated by SmartApeSG script injected into compromised website.
ClickFix instructions from the fake CAPTCHA page.
Traffic from the infection filtered in Wireshark.
Script and traffic to download and run MSI file to install NetSupport RAT
2025-08-20 (Wed): #SmartApeSG for fake #CAPTCHA page with #ClickFix instructions that led to an MSI file for #NetSupport #RAT and the #NetSupportRAT infection led to #StealCv2. Malware samples, a #pcap, and indicators at www.malware-traffic-analysis.net/2025/08/20/i...
HTML source of page from legitimate but compromised site showing SmartApeSG injected script.
Example of a ClickFix-style page caused by the injected SmartApeSG script. A victim must click to get the popup and follow the instructions to paste and run the malicious script.
Traffic from an infection filtered in Wireshark. This shows the NetSupport RAT C2 traffic and StealC v2 traffic.
2025-06-18 (Wed): #SmartApeSG --> #ClickFix lure --> #NetSupportRAT --> #StealCv2
A #pcap of the traffic, the malware/artifacts, and some IOCs are available at www.malware-traffic-analysis.net/2025/06/18/i....
Today's the 12th anniversary of my blog, so I made this post a bit more old school.
StealC V2 introduces advanced modularity, RC4 encryption and dynamic targeting: technical analysis of the most active stealer malware on the dark web
#botnet #buildermalware #MaaS #malwarestealer #rc4 #Stealc #StealCV2 #ZscalerThreatLabz
www.matricedigitale.it/sicurezza-in...
StealC v2 and Aurotun Stealer traffic to 62.60.226.114 in PCAP file from tria.ge
StealC v2 and Aurotun Stealer seem to be interconnected. They are sometimes deployed as part of the same infection chain and share C2 infrastructure. Like in this malware run:
https://tria.ge/250411-f3d2tszyhy/behavioral1
👾 StealC v2: 62.60.226.114:80
👾 […]
[Original post on infosec.exchange]