In January 2025, researchers identified attacks distributing DarkCloud Stealer, an information stealer that has been active since 2022. The latest attack chain incorporates AutoIt for evasion and uses file-sharing servers to host the malware. The multi-stage payload employs obfuscated AutoIt scripting, making detection challenging. DarkCloud Stealer targets various sectors, with a focus on government organizations, and is distributed through email phishing campaigns. It steals sensitive data including browser information, credentials, and credit card details. The malware employs anti-analysis techniques and achieves persistence through registry modifications. This evolving threat highlights the importance of advanced detection and prevention methods.
Author: AlienVault
Related Tags:
DarkCloud Stealer
anti-analysis
T1566.001
information stealing
Obfuscation
T1555
T1528
Poland
T1539
Associated Indicators:
BF3B43F5E4398AC810F005200519E096349B2237587D920D3C9B83525BB6BAFC
1269C968258999930B573682699FE72DE72D96401E3BEB314AE91BAF0E0E49E8
30738450F69C3DE74971368192A4A647E4ED9C658F076459E42683B110BAF371