DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities

Sept. 22, 2025, 7:41 p.m.

Description

DeerStealer is a sophisticated information-stealing malware that targets a wide range of user and system data. It employs deception techniques, persistence mechanisms, and rootkit-like capabilities to evade detection and maintain stealth on compromised systems. The malware uses signed executables, legitimate DLLs, and multi-stage execution to perform its malicious activities. It establishes persistence through scheduled tasks and employs auto-elevated COM objects to bypass User Account Control. DeerStealer's adaptive design allows it to switch C2 servers and use obfuscated files for effective data exfiltration. The malware is actively sold and supported through dark-web forums and Telegram channels, posing a significant threat to both individuals and organizations.

Date

  • Created: Sept. 20, 2025, 11:44 a.m.
  • Published: Sept. 20, 2025, 11:44 a.m.
  • Modified: Sept. 22, 2025, 7:41 p.m.

Additional Information

  • AV EMPTY REPORT