Find notable cyber news and cases, enriched with sources, timelines, and signals.

StealC FileFix phishing delivery chain

Malware Activity
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

The StealC malware is being delivered through a FileFix phishing chain that can execute malicious code on Windows victims. The lure uses a convincing multilingual fake Facebook Security page and anti-analysis obfuscation to push users into copying a malicious command into File Explorer. A multi-stage PowerShell sequence then fetches payloads from Bitbucket and launches a Go-based loader that unpacks shellcode to run StealC. The result is credential-theft malware execution with increased risk of endpoint compromise and stolen access data.

Related Happenings

Atomic Stealer (AMOS) macOS ClickFix Script Editor activity

Malware Activity
H score30 First: 09.04.2026 14:20 Last: 09.04.2026 14:20 Sources 1

About this happening: A **macOS** malware campaign has shifted its **ClickFix** execution flow to **Script Editor**, helping **Atomic Stealer (AMOS)** avoid the usual **Terminal** warning path. The cha...

Vidar Stealer 2.0 fake game-cheat distribution

Malware Activity
H score29 First: 18.03.2026 13:15 Last: 18.03.2026 13:15 Sources 1

About this happening: The **Vidar Stealer 2.0** malware is being spread through **fake game-cheat repositories** and **Reddit lures**, putting players seeking cheats for major online games at risk of *...

Compromised legitimate WordPress websites used to infect visitors with infostealer malware campaign expands across multiple victims

Campaign
H score34 First: 11.03.2026 16:45 Last: 11.03.2026 16:45 Sources 1

About this happening: A **global ClickFix campaign** is abusing compromised **WordPress** sites to push **infostealer malware** to visitors, putting credentials and financial data at risk. The operatio...

MIMICRAT (aka AstarionRAT) ClickFix-delivered RAT activity

Malware Activity
H score22 First: 20.02.2026 13:55 Last: 20.02.2026 13:55 Sources 1

About this happening: The **MIMICRAT (aka AstarionRAT)** malware has been disclosed as a **ClickFix-delivered RAT** that enables **Windows token impersonation** and **SOCKS5 tunneling**, increasing the...

CRESCENTHARVEST Windows RAT and info-stealer activity

Malware Activity
H score28 First: 19.02.2026 10:13 Last: 19.02.2026 10:13 Sources 1

About this happening: The **CRESCENTHARVEST** malware activity centers on **version.dll**, a **Windows RAT and information stealer** that can execute commands, log keystrokes, and exfiltrate data. It m...

Timeline

  1. 16.09.2025 15:33 2 articles · 9mo ago

    FileFix phishing campaign delivers StealC malware

    Initial Disclosure

    Researchers said a new FileFix phishing campaign delivers StealC through a multilingual fake Facebook Security page that uses anti-analysis techniques and obfuscation, then persuades victims to paste a malicious command into File Explorer. The command launches a multi-stage PowerShell chain that downloads image content from Bitbucket, decodes the next-stage payload, and runs a Go-based loader that unpacks shellcode to execute StealC.

    Show sources