New Malware Campaign Distributes Lumma and ACR Stealer via Cracked Software

Rising Threat of Information Stealers: New Malware Campaigns Exploit Cracked Software and MSC Files

Feb 24, 2025 – By Ravie Lakshmanan

A new malware campaign is targeting users who search for cracked versions of commercial software and delivering information-stealing trojans, notably Lumma and ACR Stealer, in place of the promised download. The AhnLab Security Intelligence Center (ASEC) reports a marked increase in ACR Stealer detections since January 2025, along with changes in how the malware locates its infrastructure that make it harder to block.

ACR Stealer locates its command-and-control (C2) server through a “dead drop resolver”: rather than carrying a hard-coded C2 address, the sample fetches a page hosted on a legitimate service, such as a Steam community profile or a Google Forms page, and extracts the address from its content. “Threat actors encode the C2 domain in Base64 on a specific web page,” ASEC revealed. “The malware decodes this to execute malicious actions.” Because the first request goes to a reputable domain and the real C2 can be rotated simply by editing the page, domain and URL blocklists alone give little protection against it.

ACR Stealer was previously distributed through Hijack Loader; the cracked-software lure is a new delivery path, and the payload itself now collects a broad range of data, including browser-stored credentials and cryptocurrency wallet files. ASEC also flagged a second lure: files with the .msc extension, which Windows opens with Microsoft Management Console (mmc.exe). The crafted console files abuse that component so that simply opening them executes the Rhadamanthys stealer.

The scale of the problem is set out in a recent Hudson Rock report: more than 30 million systems have been infected by information stealers in recent years, and the harvested corporate credentials are resold, with access to a compromised machine offered for as little as $10. For sectors such as defense and the military, a single stolen login can be the entry point for a far larger intrusion.

With delivery methods diversifying, organizations should treat cracked-software downloads and unexpected .msc files as high-risk, watch for processes that fetch Steam or Google Forms pages and then connect to a host that was not previously seen, and reset any credentials that turn up in stealer logs. Compromised credentials remain the most direct route from one infected endpoint to a serious breach.
