
StealBit malware: a variant to watch out for
StealBit 2.0 is a tool from the “stealer” family, used by the LockBit group to exfiltrate victims’ data to a command-and-control server. It runs after the exploit phase of the attack. To hide its activity from signature-based security solutions, the variant studied loads specific functions through a non-official DLL call to the network library.
The Stormshield Endpoint Security Evolution solution is able, by default, to detect and block this kind of non-standard behavior before any damage occurs. This protection has been built into the default policy since SES Evolution 2.1.0.