DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
released on 2025-05-14 @ 01:56:16 PM
In January 2025, researchers identified attacks distributing DarkCloud Stealer, an information stealer that has been active since 2022. The latest attack chain uses AutoIt to evade detection and hosts the malware on file-sharing servers. The multi-stage payload relies on obfuscated AutoIt scripting, which makes detection challenging. DarkCloud Stealer targets a range of sectors, with a focus on government organizations, and is distributed through email phishing campaigns. It steals sensitive data including browser information, credentials, and credit card details. The malware employs anti-analysis techniques and achieves persistence through registry modifications. This evolving threat highlights the importance of advanced detection and prevention methods.