Click here to steal. [Research Saturday]
Jul 12, 2025
Selena Larson, a Threat Researcher at Proofpoint and co-host of Only Malware in the Building, dives deep into the world of Amatera Stealer, a sophisticated rebranding of ACR Stealer. She reveals its advanced evasion techniques, including stealthy C2 communication and powerful PowerShell loaders. The discussion uncovers how Amatera employs creative social engineering and blockchain hosting to steal sensitive data, posing serious threats amid changing cybersecurity landscapes. Larson emphasizes the importance of heightened awareness and evolving defenses against such malware threats.
Amatera As Rebranded ACR Stealer
- The Amatera Stealer is a rebranded and updated variant of the ACR Stealer with improved evasion and sophistication.
- It reflects the dynamic and rapidly evolving landscape of information stealers with new delivery mechanisms and anti-analysis features.
Educate About Click-Fix Technique
- Train users to recognize the click-fix technique, which tricks victims into running PowerShell commands themselves.
- Awareness of evolving social engineering lures, such as fake captchas, is critical to preventing infection.
Ether Hiding via Blockchain Smart Contracts
- Ether Hiding uses blockchain-based smart contracts to store malicious JavaScript outside of traditional web injects.
- This lets attackers update the payload easily and complicates takedown and detection efforts.