New Variant of ACRStealer Actively Distributed with Modifications

Aug. 21, 2025, 8:26 p.m.

Description

A modified version of the ACRStealer infostealer is being actively distributed, featuring enhanced detection-evasion and anti-analysis techniques. The malware uses the Heaven's Gate technique to execute x64 code from within WoW64 (32-bit) processes and calls low-level NT functions directly for its C2 communications. It employs domain disguising, self-signed certificates, and data encryption. Recent variants have introduced random-string paths for exfiltration and changed the configuration request method. ACRStealer, now rebranded as AmateraStealer, can steal sensitive information from various sources and install additional malware. The ongoing feature updates make it one of the most active infostealer variants, posing a significant threat to users.

Date

  • Created: Aug. 21, 2025, 4:16 p.m.
  • Published: Aug. 21, 2025, 4:16 p.m.
  • Modified: Aug. 21, 2025, 8:26 p.m.

Attack Patterns

  • AmateraStealer
  • ACRStealer