Cybersecuritynews
New ACRStealer Variant Enhances Evasion Techniques and Threat Level
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A newly identified variant of ACRStealer is actively being deployed by HijackLoader, utilizing advanced techniques to evade detection and maximize data theft. This variant employs low-level syscall evasion, AFD-based networking, and encrypted TLS communication for command and control (C2). It is a rebranded version of a previously known ACRStealer variant linked to the Amatera Stealer. The attack method allows for flexible secondary payload delivery, increasing its effectiveness against targeted systems. As of March 16, 2026, the threat remains active, with ongoing concerns about its impact on various organizations. Specific numbers of affected systems or data breaches have not been disclosed in the articles. Security professionals are urged to remain vigilant against this evolving threat.
Key Points: • The new ACRStealer variant uses syscall evasion and TLS for C2 communication. • It is deployed by HijackLoader and is a rebranded version of the Amatera Stealer. • The threat is currently active with no specific numbers on affected systems reported.