CyberWire Daily

Click here to steal. [Research Saturday]

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.61K Ratings

🗓️ 12 July 2025

⏱️ 27 minutes

Summary

Today we are joined by Selena Larson, Threat Researcher at Proofpoint, and co-host of Only Malware in the Building, as she discusses their work on "Amatera Stealer - Rebranded ACR Stealer With Improved Evasion, Sophistication." Proofpoint researchers have identified Amatera Stealer, a rebranded and actively developed malware-as-a-service (MaaS) variant of the former ACR Stealer, featuring advanced evasion techniques like NTSockets for stealthy C2 communication and WoW64 Syscalls to bypass user-mode defenses. Distributed via ClearFake web injects and the ClickFix technique, Amatera leverages multilayered PowerShell loaders, blockchain-based hosting, and creative social engineering to compromise victims. With enhanced capabilities to steal browser data, crypto wallets, and other sensitive files, Amatera poses a growing threat in the wake of disruptions to competing stealers like Lumma.

Complete our annual audience survey before August 31.

The research can be found here: Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication

Transcript

0:00.0

You're listening to the CyberWire Network, powered by N2K.

0:10.2

Hey, everybody, Dave here.

0:14.5

I've talked about DeleteMe before, and I'm still using it because it still works.

0:19.8

It's been a few months now, and I'm just as impressed today as I was when I signed up.

0:25.1

DeleteMe keeps finding and removing my personal information from data broker sites,

0:30.3

and they keep me updated with detailed reports,

0:33.0

so I know exactly what's been taken down.

0:36.0

I'm genuinely relieved knowing my privacy isn't something I have to worry about every day.

0:41.3

The DeleteMe team handles everything.

0:43.8

It's the set it and forget it, peace of mind.

0:47.2

And it's not just for individuals.

0:49.2

DeleteMe also offers solutions for businesses,

0:51.8

helping companies protect their employees' personal information

0:55.3

and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special

1:02.0

deal, 20% off your DeleteMe plan. Just go to joindeleteme.com slash N2K and use promo code N2K at checkout.

1:12.9

That's joindeleteme.com slash N2K, code N2K.

1:18.1

Okay. Hello, everyone, and welcome to the CyberWire's Research Saturday.

1:35.5

I'm Dave Bittner, and this is our weekly conversation with researchers and analysts

1:40.1

tracking down the threats and vulnerabilities, solving some of the hard problems and protecting

1:45.3

ourselves in a rapidly evolving cyberspace. Thanks for joining us.

1:55.2

One of the main initial access vectors that we have been very closely tracking are web injects,

2:02.9

which of course are injects on legitimate but compromised websites that have been observed

...
