SYMBOLCOMMON_NAMEaka. SYNONYMS
win.acr_stealer (Back to overview)

ACR Stealer


First introduced in March 2024, ACR Stealer is an information stealer sold as a Malware-as-a-Service (MaaS) on Russian-speaking cybercrime forums by a threat actor named "SheldIO". Researchers posit that this malware is an evolved version of the GrMsk Stealer, which likely aligns with the private stealer that SheldIO has been selling since July 2023. The malware, written in C++, is compatible with Windows 7 through 10, and the seller manages all command and control (C2) infrastructure. ACR Stealer can harvest system information, stored credentials, web browser cookies, cryptocurrency wallets, and configuration files for various programs. Additionally, it employs the dead drop resolver (DDR) technique to obfuscate the actual C2 infrastructure.

References
2024-08-08cybleCyble Research Labs
Double Trouble: Latrodectus and ACR Stealer observed spreading via Google Authenticator Phishing Site
ACR Stealer Latrodectus
2024-07-23FortinetFortinet
Exploiting CVE-2024-21412: A Stealer Campaign Unleashed
ACR Stealer Lumma Stealer Meduza Stealer
2024-04-29Twitter (@sekoia_io)sekoia
@sekoia_io's tweet about the (not so) new infostealer, named ACR Stealer
ACR Stealer

There is no Yara-Signature yet.