Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

Proofpoint has identified Amatera Stealer, a rebranded version of ACR Stealer with enhanced capabilities and evasion techniques. Distributed via ClearFake website injects, it utilizes sophisticated attack chains and web injects. Amatera Stealer employs NTSockets for stealthy C2 communication, WoW64 Syscalls to bypass user-mode hooking, and supports HTTPS requests. It focuses on stealing information from browsers, crypto wallets, and various software. The malware can also execute secondary payloads. Amatera Stealer is actively developed and sold as a malware-as-a-service, with subscription plans ranging from $199 to $1,499.

OPENCTI LABELS :

information stealer, rhadamanthys, lumma stealer, malware-as-a-service, clickfix, acr stealer, clearfake, amatera stealer, ntsockets, web injects, wow64 syscalls

