ThreatLabz has released a report detailing StealC V2, a significant upgrade to the StealC information-stealing malware first seen in early 2023. StealC V2 features a redesigned control panel, expanded payload support (MSI, PowerShell, EXE), and improved RC4 encryption for network communication and string obfuscation. It can now deliver targeted payloads based on geolocation, hardware IDs, and installed software (e.g., crypto wallets, gaming apps). The malware includes multi-monitor screenshot capture, a unified file grabber, and server-side credential brute-forcing. It avoids execution on CIS language systems and checks for duplicate processes. While it lacks persistence, it's often deployed with other malware like Amadey. The StealC ecosystem involves version-controlled builder templates and enforced updates. ThreatLabz concludes that StealC V2 is actively developed, highly adaptable, and poses a significant threat due to its stealth and targeted information collection capabilities.

‍