DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
In January 2025, researchers identified attacks distributing DarkCloud Stealer, an information stealer that has been active since 2022. The latest attack chain uses AutoIt for evasion and hosts the malware on file-sharing servers. The multi-stage payload relies on obfuscated AutoIt scripting, which makes detection difficult. DarkCloud Stealer targets a range of sectors, with a focus on government organizations, and is delivered through email phishing campaigns. It steals sensitive data including browser information, credentials, and credit card details. The malware employs anti-analysis techniques and achieves persistence through registry modifications. This evolving threat highlights the need for advanced detection and prevention methods.
OPENCTI LABELS :
phishing,obfuscation,autoit,information stealing,anti-analysis,multi-stage payload,darkcloud stealer