New Information Stealer, “Stealc,” Actively Used in the Wild

Binary Defense has regularly covered info stealer malware. While the user experience for Stealc seems to be particularly well developed and therefore lends itself to rapid adoption as a Malware as a Service (MaaS) offering, the techniques and behaviors this malware uses are not novel. Keeping Detection and Response systems (EDR/MDR/XDR/etc.) up to date will go a long way toward discovering campaigns like this. Additionally, netflow analysis and DNS monitoring can help detect C2 and exfiltration activity. This requires analysts to have an understanding of baseline user behavior for comparison, but it could be especially effective against Stealc, since it sends data as it is identified for exfiltration rather than as bulk uploads, which turnkey Data Loss Prevention (DLP) solutions detect more easily. Lastly, companies should avoid storing secrets, such as credentials, in the browser, and instead leverage password managers to prevent credential theft and potential domain takeover.
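The drip-style exfiltration described above is exactly what a per-flow size threshold misses, so a netflow hunt has to aggregate small uploads per source/destination pair over time. The following is an added example, not code from Binary Defense or the linked reports; the flow records are constructed, and the window, per-flow size cap and flow-count threshold are assumed values that would be tuned against a site's baseline.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records (timestamp, src, dst, bytes_out); not real traffic.
# 10.0.0.5 drips six small uploads to 203.0.113.9 within two minutes, while the
# other hosts show ordinary browsing: larger but isolated uploads.
SAMPLE_FLOWS = [
    ("2023-02-20T09:00:01", "10.0.0.5", "203.0.113.9", 1180),
    ("2023-02-20T09:00:09", "10.0.0.5", "203.0.113.9", 2040),
    ("2023-02-20T09:00:22", "10.0.0.5", "203.0.113.9", 860),
    ("2023-02-20T09:00:47", "10.0.0.5", "203.0.113.9", 3100),
    ("2023-02-20T09:01:13", "10.0.0.5", "203.0.113.9", 1500),
    ("2023-02-20T09:01:40", "10.0.0.5", "203.0.113.9", 2700),
    ("2023-02-20T09:00:30", "10.0.0.7", "198.51.100.20", 48000),  # one bulk upload
    ("2023-02-20T09:02:10", "10.0.0.7", "198.51.100.20", 900),
    ("2023-02-20T09:05:00", "10.0.0.9", "192.0.2.44", 1100),
    ("2023-02-20T09:20:00", "10.0.0.9", "192.0.2.44", 1300),
]

def find_drip_exfil(flows, window_s=300, max_flow_bytes=4096, min_flows=5):
    """Flag (src, dst) pairs that send at least `min_flows` uploads, each below
    the bulk-DLP size `max_flow_bytes`, inside any sliding window of `window_s`
    seconds. Returns {(src, dst): {"flows": n, "bytes": total}} for the densest
    window per pair. Thresholds are assumptions for this example."""
    by_pair = defaultdict(list)
    for ts, src, dst, out_bytes in flows:
        if out_bytes <= max_flow_bytes:  # large uploads are DLP's job, not ours
            t = datetime.fromisoformat(ts).timestamp()
            by_pair[(src, dst)].append((t, out_bytes))
    hits = {}
    for pair, recs in by_pair.items():
        recs.sort()
        j = 0
        for i in range(len(recs)):
            # advance j to the first record outside the window that starts at i
            while j < len(recs) and recs[j][0] - recs[i][0] <= window_s:
                j += 1
            count = j - i
            if count >= min_flows and count > hits.get(pair, {"flows": 0})["flows"]:
                hits[pair] = {"flows": count, "bytes": sum(b for _, b in recs[i:j])}
    return hits

if __name__ == "__main__":
    for (src, dst), h in find_drip_exfil(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: {h['flows']} small uploads, {h['bytes']} bytes total")
```

Only the dripping host is reported; the 48000-byte upload from 10.0.0.7 is left to size-based DLP rules, and the two isolated small flows from 10.0.0.9 stay below the count threshold.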

https://thehackernews.com/2023/02/researchers-discover-dozens-samples-of.html

https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/