DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities
Essential information
- Published: 20/09/2025 11:44
- Modified: 22/09/2025 19:41
- Tags: 2025-09-20, data exfiltration, deerstealer, information-stealing, multi-stage execution, persistence, rootkit, stealth, uac bypass, xfiles, spyware
- Related entities: 1 other
Description
DeerStealer is a sophisticated information-stealing malware that targets a wide range of user and system data. It employs deception techniques, persistence mechanisms, and rootkit-like capabilities to evade detection and maintain stealth on compromised systems. The malware uses signed executables, legitimate DLLs, and multi-stage execution to perform its malicious activities. It establishes persistence through scheduled tasks and employs auto-elevated COM objects to bypass User Account Control. DeerStealer's adaptive design allows it to switch C2 servers and use obfuscated files for effective data exfiltration. The malware is actively sold and supported through dark-web forums and Telegram channels, posing a significant threat to both individuals and organizations.