Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication

· Published 18/06/2025 17:19 · Modified 23/06/2025 18:53

Essential information

Tags
2025-06-18 acr stealer amatera stealer clearfake clickfix information stealer lumma stealer malware-as-a-service ntsockets rhadamanthys web injects wow64 syscalls
Related entities
12 observables, 1 intrusion sets (apt), 17 techniques (mitre), 1 malware

Description

Proofpoint has identified Amatera Stealer, a rebranded version of ACR Stealer with enhanced capabilities and evasion techniques. Distributed via website injects, it utilizes sophisticated attack chains and ClickFix. Amatera Stealer employs NTSockets for stealthy C2 communication, uses WoW64 syscalls to bypass user-mode hooking, and supports HTTPS requests. It focuses on stealing information from browsers, crypto wallets, and various software. The malware can also execute secondary payloads. Amatera Stealer is actively developed and sold as a malware-as-a-service, with subscription plans ranging from $199 to $1,499.

External references