win.acr_stealer (Back to overview)

ACR Stealer

ACR Stealer is an information stealer advertised by a threat actor operating under the pseudonym SheldIO, on Russian-speaking cybercrime forums. It is sold as a Malware-as-a-Service (MaaS) since March 2024.

According to SheldIO’s statement, ACR Stealer is a ramification of a previous private MaaS program administered by the threat actor for a year and that was allegedly still maintained as of March 2024. analysts assess with high confidence that ACR Stealer is an evolved version of the GrMsk Stealer, which likely corresponds to the (previously unnamed) private stealer sold by SheldIO since July 2023.

2024-04-29Twitter (@sekoia_io)sekoia
@sekoia_io's tweet about the (not so) new infostealer, named ACR Stealer
ACR Stealer

There is no Yara-Signature yet.