A particularly insidious form of malware, an infostealer is a program that is designed to quietly infect a system and run discreetly in the background to secretly steal sensitive data like passwords or chat logs and send them back to hackers. A new malicious software, ACRStealer, identified by AhnLab Security Intelligence Center (ASEC) has been found to be infecting legitimate and trusted platforms such as Google Docs in order to infect users.
ASEC says that ACRStealer was first introduced in June 2024 but they expect to see a sharp rise in distribution as hackers successfully manage to use trusted platforms like Google Docs, Steam and telegra.ph to infect systems. Like other infostealers, ACRStealer will typically infect a system via a phishing email, a malicious attachment or a compromised website, but can also be disguised as an illegal program like cracks or keygens.
ACRStealer is sold as a malware as a service (MaaS) and is capable of stealing a variety of personal information including cryptocurrency wallets, stored credentials, chat logs, browser cookies, password managers, databases, VPN information, emails, remote access program details and FTP credentials.
It uses a specific page of a legitimate web platform service – in this case Google or Steam – as an intermediary C2, instead of hardcoding the command-and-control address directly in the malware. In a method called Dead Drop Resolver (DDR), the attackers will encode the real C2 domain in Base64, then the malware will retrieve it and decode it for further malicious actions.
How to stay safe from infostealing malware
Because one of the main ways that infostealers are spread is through illegal software, make sure that you are only downloading software through legitimate websites and sources. Be cautious if anyone sends you a link to download software from any unknown or unexpected sources. Know the signs of phishing emails and attacks and how to avoid them, and never click on unexpected links or attachments.
Protect yourself and your system by making sure that your system has up to date antivirus software installed and running – some of the best antivirus software includes a rollback feature that can restore your system to a previous state if malware causes issues or instability. Use a VPN and multi-factor authentication whenever possible.
More from Tom's Guide
- Chase will start blocking Zelle payments to social media accounts to cut down on fraud
- Macs under attack from dangerous malware targeting digital wallets and Apple’s Notes app — how to stay safe
- Yes, you can use your browser's password manager – here’s how to do it safely
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
