Tag: acr stealer

6 Attack Reports | 0 Vulnerabilities

Attack reports

2025 Cloud Threat Hunting and Defense Landscape

The report outlines key cloud security threats for 2025, highlighting exploitation of misconfigurations, cloud abuse, ransomware, credential theft, and third-party risks. Threat actors are increasingly leveraging legitimate cloud services for malicious purposes, including using AI/ML capabilities. …
ransomware
cloud security
acr stealer
threat landscape
credential abuse
fatalrat
lamehug
2026-02-19
ai/ml exploitation
cloud-native attacks
misconfigurations
saltwater
seaside
seaspy
third-party risk
Published: February 19, 2026
Linked vulnerabilities : CVE-2025-0282 (CVSS 9.0), CVE-2024-3400, CVE-2021-26855, CVE-2023-3519, CVE-2021-26858, CVE-2021-26857, CVE-2021-27065, CVE-2025-61882 (CVSS 9.8), CVE-2021-43798, CVE-2023-2868, CVE-2023-7102
Downloadable IOCs: 3

The game is over: when “free” comes at too high a price. What we know about RenEngine

A widespread campaign is distributing the RenEngine loader malware disguised as pirated games and software. The loader uses a modified Ren'Py game engine to deliver payloads like Lumma and ACR stealers. It employs sophisticated techniques including sandbox evasion, process injection, and modular de…
loader
stealer
vidar
hijackloader
lumma
acr stealer
process injection
2026-02-11
pirated games
ren'py
renengine
Published: February 11, 2026
Downloadable IOCs: 0

EVALUSION Campaign Delivers Amatera Stealer and NetSupport...

The eSentire Threat Response Unit identified a malware campaign using ClickFix as an initial access vector to deploy Amatera Stealer and NetSupport RAT. Amatera Stealer is a rebranded version of ACR Stealer, with advanced evasion techniques like WoW64 SysCalls to bypass security solutions. It targe…
powershell
information theft
clickfix
acr stealer
netsupport rat
c2 communication
evasion techniques
crypto-wallets
amatera stealer
2025-11-18
Published: November 18, 2025
Downloadable IOCs: 1

Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication

Proofpoint has identified Amatera Stealer, a rebranded version of ACR Stealer with enhanced capabilities and evasion techniques. Distributed via ClearFake website injects, it utilizes sophisticated attack chains and web injects. Amatera Stealer employs NTSockets for stealthy C2 communication, WoW64…
rhadamanthys
lumma stealer
malware-as-a-service
clickfix
acr stealer
information stealer
clearfake
2025-06-18
web injects
amatera stealer
ntsockets
wow64 syscalls
Published: June 18, 2025
Downloadable IOCs: 12

Double Trouble: Latrodectus And ACR Stealer Observed Spreading Via Google Authenticator Phishing Site

The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persist…
malware
phishing
stealer
latrodectus
downloader
cybersecurity
acr stealer
2024-08-20
Published: August 20, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-44228, CVE-2017-11882, CVE-2024-21412, CVE-2024-21893
Downloadable IOCs: 15

Exploiting CVE-2024-21412: A Stealer Campaign Unleashed

This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass security warnings and deliver malware. Attackers employ crafted links, LNK files, and HTA scripts to download decoy PDFs and shell code injectors, ultimately injecting ste…
malware
evasion
windows
stealer
CVE-2024-21412
injection
pdf
meduza stealer
2024-07-24
acr stealer
Published: July 24, 2024
Linked vulnerabilities : CVE-2024-21412
Downloadable IOCs: 27
Click here to see more Attack Reports