Kaspersky Sheds Light on the Latest Evolution of the Acrid, ScarletStealer and Sys01 Stealers

Kaspersky

Kaspersky’s Global Research and Analysis Team (GReAT) has uncovered three new stealers in the ongoing fight against cyber threats: Acrid, ScarletStealer and an updated version of Sys01. The findings are described in detail in the team’s latest report, which sheds light on the evolving tactics of cyber criminals.

Discovered in December last year, Acrid is a new entrant on the stealer scene. It is a 32-bit binary, which is rare in today’s predominantly 64-bit environment, and it uses the “Heaven’s Gate” technique, which lets a 32-bit process execute 64-bit code and so gain access to the 64-bit address space; because many 32-bit hooks and emulators do not follow the switch, the technique can also be used to bypass security measures. Its feature set is the typical stealer one: theft of browser data, theft of cryptocurrency wallets and file exfiltration. Acrid is moderately sophisticated, with string encryption, but offers no groundbreaking functionality.
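The Heaven’s Gate technique mentioned above leaves a recognisable footprint in a 32-bit PE: a far jump or far call to code-segment selector 0x33 (the 64-bit code segment under WOW64), or the equivalent push 0x33 / call $+5 / add [esp],5 / retf stub. The scanner below is an added example written for this page, not Kaspersky’s detection logic or any code from the report; the function name scan_heavens_gate and the sample byte string are constructed for illustration. It returns the offset of each match, the pattern that fired and the 64-bit entry offset the transition would jump to.

```python
"""Heuristic scanner for x86 'Heaven's Gate' 32->64-bit transition stubs.

Added example for this article; not Kaspersky's code.  Selector 0x33 is the
WOW64 64-bit code segment (0x23 is the 32-bit one), so a far transfer to
0x33 from a 32-bit image is a strong hint that the binary runs 64-bit code.
"""
import re
from typing import List, Tuple

# Byte patterns (regex over bytes, '.' matches any byte under DOTALL):
#   EA <off32> 33 00                     jmp  far 0x33:off32
#   9A <off32> 33 00                     call far 0x33:off32
#   6A 33 E8 00 00 00 00 83 04 24 05 CB  push 0x33 ; call $+5 ; add [esp],5 ; retf
PATTERNS = {
    "jmp_far_0x33":  re.compile(rb"\xEA.{4}\x33\x00", re.DOTALL),
    "call_far_0x33": re.compile(rb"\x9A.{4}\x33\x00", re.DOTALL),
    "push33_retf":   re.compile(rb"\x6A\x33\xE8\x00\x00\x00\x00\x83\x04\x24\x05\xCB", re.DOTALL),
}


def scan_heavens_gate(buf: bytes) -> List[Tuple[int, str, int]]:
    """Return (offset, pattern_name, target) for every transition stub in buf.

    target is the 32-bit offset the far transfer lands on.  For the explicit
    far jmp/call it is encoded in the instruction; for the push/retf stub the
    retf returns to the byte immediately after the stub itself.
    """
    hits = []
    for name, pat in PATTERNS.items():
        for m in pat.finditer(buf):
            raw = m.group(0)
            if name == "push33_retf":
                target = m.end()  # call $+5 pushes addr(add); +5 => just past retf
            else:
                target = int.from_bytes(raw[1:5], "little")  # off32 of ptr16:32
            hits.append((m.start(), name, target))
    return sorted(hits)


# Constructed sample (not from a real binary): a benign prologue, then both
# stub forms with filler between them.
SAMPLE = (
    b"\x55\x8B\xEC"                                           # push ebp ; mov ebp, esp
    b"\x6A\x33\xE8\x00\x00\x00\x00\x83\x04\x24\x05\xCB"       # push 0x33 ; call $+5 ; add [esp],5 ; retf
    b"\x90\x90"                                               # nop ; nop
    b"\xEA\x78\x56\x34\x12\x33\x00"                           # jmp far 0x33:0x12345678
    b"\xC3"                                                   # ret
)

if __name__ == "__main__":
    for off, name, target in scan_heavens_gate(SAMPLE):
        print(f"{off:#06x}  {name:<14}  -> 64-bit entry at {target:#x}")
```

Two caveats for anyone turning this into a real rule: the 7-byte far jmp/call pattern can occur by chance in data, so restrict the scan to executable sections (and, in a live triage, confirm the 64-bit code actually exists at the target); and Windows’ own WOW64 layer (wow64cpu.dll) legitimately performs the same far jump to selector 0x33, so system modules must be excluded before treating a hit as malicious.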

ScarletStealer, found while analysing the Penguish downloader, is structured differently from traditional stealers. Rather than stealing data itself, it downloads additional executables that predominantly target cryptocurrency wallets. Although it is noteworthy that ScarletStealer’s executables are digitally signed, its underdeveloped functionality and numerous flaws suggest the malware is still at an early stage of development. Despite these shortcomings, ScarletStealer’s victims are spread worldwide, most of them in Brazil, Turkey and the USA.

Sys01, previously known as Album Stealer or S1deload Stealer, has undergone a transformation and now combines C# and PHP payloads. The infection vector is unchanged: users are lured with malicious ZIP archives disguised as adult content. The latest iteration, called Newb, splits the functionality, with browser data collection moved into a separate module called imageclass. Although the campaign’s victims are concentrated in Algeria, the threat’s reach is worldwide.


Kaspersky GReAT Security Research Leader Tatyana Shishkova says: “The emergence of these new stealers is a striking reminder of the criminal underworld’s hunger for tools that facilitate data theft. Given the potential for dire consequences such as financial losses and privacy breaches, it is imperative that both individuals and organizations remain vigilant against these threats and take proactive cybersecurity measures. We strongly recommend that users keep their software up to date, be careful when downloading files and opening attachments, and explore security solutions with components like System Watcher to defend against ever-evolving threats.”

Kaspersky recommends the following to combat financial threats:

  • Create offline backups that intruders can’t tamper with. Make sure you can access them quickly in an emergency if needed.
  • Install anti-ransomware protection on all endpoints. The free Kaspersky Anti-Ransomware Tool for Business can be used for this purpose: it shields computers and servers against ransomware and other types of malware, prevents exploits, and is compatible with already installed security solutions.
  • Use a dedicated security solution such as Kaspersky Endpoint Security for Business with application and web control to minimize the possibility of crypto miners operating. Behavioral analysis helps quickly detect malicious activity, while vulnerability and patch manager protects from crypto miners exploiting vulnerabilities.