
StealC FileFix phishing delivery chain

Malware Activity
Happening score (H score): 21
1 unique source, 1 article

Summary


The StealC malware is being delivered through a FileFix phishing chain that leads to malicious code execution on victims' Windows systems. The lure is a convincing multilingual fake Facebook Security page that uses anti-analysis techniques and obfuscation, and it pushes users into copying a malicious command into File Explorer. A multi-stage PowerShell sequence then fetches payloads from Bitbucket and launches a Go-based loader that unpacks shellcode to run StealC. The result is execution of credential-stealing malware, with increased risk of endpoint compromise and stolen access data.

Related Happenings

Vidar Stealer 2.0 fake game-cheat distribution

Malware Activity
First: 18.03.2026 13:15 Last: 18.03.2026 13:15 Sources 1

About this happening: The **Vidar Stealer 2.0** malware is being spread through **fake game-cheat repositories** and **Reddit lures**, putting players seeking cheats for major online games at risk of *...

Compromised legitimate WordPress websites used to infect visitors with infostealer malware campaign expands across multiple victims

Campaign
First: 11.03.2026 16:45 Last: 11.03.2026 16:45 Sources 1

About this happening: A **global ClickFix campaign** is abusing compromised **WordPress** sites to push **infostealer malware** to visitors, putting credentials and financial data at risk. The operatio...

MIMICRAT (aka AstarionRAT) ClickFix-delivered RAT activity

Malware Activity
First: 20.02.2026 13:55 Last: 20.02.2026 13:55 Sources 1

About this happening: The **MIMICRAT (aka AstarionRAT)** malware has been disclosed as a **ClickFix-delivered RAT** that enables **Windows token impersonation** and **SOCKS5 tunneling**, increasing the...

CRESCENTHARVEST Windows RAT and info-stealer activity

Malware Activity
First: 19.02.2026 10:13 Last: 19.02.2026 10:13 Sources 1

About this happening: The **CRESCENTHARVEST** malware activity centers on **version.dll**, a **Windows RAT and information stealer** that can execute commands, log keystrokes, and exfiltrate data. It m...

Atomic MacOS Stealer (AMOS) distribution through AI-app lures, SEO poisoning, and supply-chain abuse

Malware Activity
First: 12.02.2026 16:25 Last: 12.02.2026 16:25 Sources 1

About this happening: **Atomic MacOS Stealer (AMOS)** is being distributed to **macOS users** through multiple delivery paths, including **fraudulent GitHub repositories**, **SEO poisoning**, **malvert...

Timeline

  1. 16.09.2025 15:33 2 articles · 8mo ago

    FileFix phishing campaign delivers StealC malware

    Initial Disclosure

    Researchers said a new FileFix phishing campaign delivers StealC through a multilingual fake Facebook Security page that uses anti-analysis techniques and obfuscation, then persuades victims to paste a malicious command into File Explorer. The command launches a multi-stage PowerShell chain that downloads image content from Bitbucket, decodes the next-stage payload, and runs a Go-based loader that unpacks shellcode to execute StealC.
