Stealers, stealers and more stealers

Introduction


Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers (see here, here and here), and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid (a new stealer), ScarletStealer (another new stealer) and Sys01, which had been updated quite a bit since the previous public analysis.


To learn more about our crimeware reporting service, you can contact us at [email protected].


Acrid


Acrid is a new stealer found last December. Despite the name, it has nothing in common with the AcridRain stealer. Acrid is written in C++ and compiled for 32-bit systems, even though most systems are 64-bit these days. Upon closer inspection of the malware, the reason for compiling for a 32-bit environment became clear: the author decided to use the “Heaven’s Gate” technique, which allows a 32-bit application to execute 64-bit code and thereby bypass certain security controls.


“Heaven’s Gate” technique implementation in Acrid stealer


In terms of functionality, the malware embeds the typical functionality one might expect from a stealer:


Stealing browser data (cookies, passwords, login data, credit ..