A sophisticated information-stealing malware named Anivia Stealer has emerged on underground forums, marketed by a threat actor known as ZeroTrace.
The malware represents a dangerous evolution in credential theft operations, advertised as able to compromise Windows systems from legacy XP installations through the latest Windows 11 environments.
Built in C++17, Anivia Stealer is advertised as combining evasion techniques with broad data exfiltration capabilities, which would pose significant risks to individual users and enterprise networks alike.
The malware's advertising highlights its claimed ability to bypass User Account Control (UAC) through automatic elevation techniques, allowing it to execute privileged operations without triggering the consent prompt that normally alerts users to suspicious activity.
KrakenLabs researchers identified the threat actor's promotional efforts across cybercriminal marketplaces, where Anivia Stealer is being offered on a subscription model ranging from €120 for one month to €680 for lifetime access.
According to the seller's claims, the stealer targets an extensive range of sensitive information, including browser credentials, authentication cookies, cryptocurrency wallets, messaging tokens, Local Security Authority (LSA) credentials, and screenshots of the victim's desktop.
The malware reportedly maintains encrypted communication channels with its command-and-control infrastructure and includes an automatic update capability intended to stay ahead of detection signatures.
🚨 New infostealer marketed: Anivia Stealer
The malware developer #ZeroTrace is selling "Anivia Stealer": a C++17 Windows infostealer with web panel.
🛠️ Claimed features include:
• UAC bypass and auto-elevation
• No dependencies required
• Works XP → Windows 11
• …
pic.twitter.com/rKyVSBcLu6
— KrakenLabs (@KrakenLabs_Team) October 28, 2025
Threat intelligence suggests that Anivia Stealer may be a rebrand or fork of the previously identified ZeroTrace Stealer, with GitHub commit history and developer metadata linking both projects to the same actor, who has also distributed Raven Stealer.
UAC Bypass and Privilege Escalation Mechanisms
The feature that the seller positions as the core of Anivia Stealer's effectiveness is its User Account Control bypass.
The malware is claimed to abuse Windows auto-elevation to obtain an administrative token without user interaction. Two caveats apply to this claim: UAC only exists from Windows Vista onward, so on Windows XP there is nothing to bypass (and users on XP commonly ran as administrators anyway), and Microsoft does not treat UAC as a security boundary. In practice, auto-elevation abuse also only works when the victim is already a member of the local Administrators group and UAC is not set to "Always notify"; for a standard user, a UAC bypass yields nothing.
Where those conditions hold, silent elevation lets the stealer reach protected system locations, registry hives holding cached credentials, and process memory containing authentication secrets (such as LSASS), all of which would otherwise require the user to approve an elevation prompt.
The claim of requiring no external dependencies suggests the binary is statically linked and carries all of its own code, which reduces the number of files dropped on disk, simplifies deployment across varied target environments, and removes the loader-and-payload pattern that some detections key on.
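A practitioner reading the UAC-bypass claim will want to know whether a given host is actually exposed to silent auto-elevation. The following PowerShell script is an added example written for this article, not code from the article, from KrakenLabs, or from the malware; it reads the documented UAC policy values under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`, applies the Windows defaults when a value is absent, reports the elevation state of the current session, and lists the conditions that make auto-elevation abuse possible. The value semantics it relies on (0 = elevate without prompting, 2 = "Always notify", 5 = the default that silently elevates Windows' own auto-elevate binaries) are Microsoft's documented meanings for `ConsentPromptBehaviorAdmin`; the function name `Get-UacPosture` is this example's own.

```powershell
# Added example (not code from the article, KrakenLabs, or the malware):
# audit the UAC policy values that decide whether silent auto-elevation is
# possible on this host. Registry path and value names are the documented
# Windows UAC policy settings; defaults applied when a value is missing match
# a fresh Windows installation.

function Get-UacPosture {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -ErrorAction Stop

    # Defaults: UAC on, "notify only when apps try to change my computer", secure desktop on.
    $enableLua     = if ($null -ne $p.EnableLUA)                  { [int]$p.EnableLUA }                  else { 1 }
    $consentAdmin  = if ($null -ne $p.ConsentPromptBehaviorAdmin) { [int]$p.ConsentPromptBehaviorAdmin } else { 5 }
    $secureDesktop = if ($null -ne $p.PromptOnSecureDesktop)      { [int]$p.PromptOnSecureDesktop }      else { 1 }

    $findings = @()
    if ($enableLua -ne 1) {
        $findings += 'EnableLUA=0: UAC is disabled; administrators get an unfiltered token and no bypass is needed.'
    }
    if ($consentAdmin -in 0, 5) {
        # 0 = elevate without prompting (everything is silent);
        # 5 = default, Windows auto-elevate binaries and COM objects elevate silently.
        # This silent path is the precondition that UAC bypass techniques rely on.
        $findings += "ConsentPromptBehaviorAdmin=$consentAdmin: auto-elevating binaries elevate silently; set to 2 ('Always notify') to close that path."
    }
    if ($secureDesktop -ne 1) {
        $findings += 'PromptOnSecureDesktop=0: prompts are drawn on the interactive desktop where other processes can interact with them.'
    }

    # Elevation state of this session. A member of Administrators running under UAC
    # holds a filtered (medium-integrity) token, so IsInRole(Administrator) is false
    # until something elevates; if it is already true, a bypass gains nothing more.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $pr = New-Object Security.Principal.WindowsPrincipal($id)
    $elevated = $pr.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consentAdmin
        PromptOnSecureDesktop      = $secureDesktop
        SessionElevated            = $elevated
        Findings                   = $findings
    }
}

Get-UacPosture | Format-List
```

Run it from a normal (non-elevated) PowerShell session on the host you want to assess. An empty `Findings` list means the seller's auto-elevation claim has nothing to work with on that machine; a `ConsentPromptBehaviorAdmin` finding is the one most hosts will show, because the Windows default leaves the auto-elevate path open, and it is closed by the Group Policy setting "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" set to prompt on the secure desktop. The more durable fix is to remove day-to-day accounts from the local Administrators group, since UAC bypass techniques are irrelevant to a standard user.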
