Stealth Soldier is malicious software built for surveillance and data exfiltration, and it carries multiple functionalities serving those purposes.
We have observed Stealth Soldier being used in espionage attacks targeting Libyan organizations. Evidence links its Command and Control (C&C) network to phishing operations, and this infrastructure also shows similarities to other active malicious campaigns in North Africa.
Overview of the Stealth Soldier malware
At present, the operators behind Stealth Soldier actively maintain the malware, and at least nine versions are known. The infection chain following infiltration remains largely the same across versions, although the final payload configuration varies. This suggests that Stealth Soldier’s attacks are highly targeted and adaptable.
Across the variants of this malware, the infection chain begins by launching a downloader. While a deceptive PDF document is displayed as a diversion, a loader component is downloaded in the background.
The loader introduces the “PowerPlus” module and executes the final payload. PowerPlus is designed to execute PowerShell commands and ensure the persistence of the “Watchdog” module. Watchdog performs periodic checks for updated versions of the loader.
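The chain described above (a downloader that shows a decoy document, fetches a loader in the background, and ends in PowerShell execution) is the kind of process lineage a defender can hunt for in endpoint telemetry. The following is an added example, not code from the original article or from any security vendor: it walks constructed, Sysmon-like process and network events and flags any powershell.exe whose ancestry leads back to an executable started from a user-writable folder. The folder list and the event layout are assumptions for the example.

```python
"""Hunt for the stage pattern described above: an executable launched from a
user-writable folder (downloader/loader stage) that later spawns powershell.exe
(the stage that runs PowerShell commands). Events below are constructed samples."""
import ntpath

# Folders a downloaded decoy/loader would typically run from (assumption, not from the page).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\appdata\\roaming\\")

# Constructed sample telemetry: process-creation and network-connection records.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"type": "process", "pid": 200, "ppid": 100, "image": r"C:\Users\a\Downloads\Report.exe"},
    {"type": "process", "pid": 210, "ppid": 200, "image": r"C:\Program Files\Reader\Reader.exe"},
    {"type": "network", "pid": 200, "dest": "203.0.113.10:443"},  # background download
    {"type": "process", "pid": 220, "ppid": 200, "image": r"C:\Users\a\AppData\Local\Temp\ldr.exe"},
    {"type": "process", "pid": 230, "ppid": 220,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "process", "pid": 300, "ppid": 100,  # an admin's own shell: no user-writable origin
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

def is_user_writable(image):
    """True if the executable lives under a folder a user can write to."""
    return any(marker in image.lower() for marker in USER_WRITABLE)

def find_suspicious_chains(events, max_hops=6):
    """Return one finding per powershell.exe whose ancestry contains a user-writable stage."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    net_pids = {e["pid"] for e in events if e["type"] == "network"}
    findings = []
    for proc in procs.values():
        if ntpath.basename(proc["image"]).lower() != "powershell.exe":
            continue
        # Collect the ancestry (child first) up to max_hops levels.
        chain, cur = [proc], procs.get(proc["ppid"])
        while cur is not None and len(chain) <= max_hops:
            chain.append(cur)
            cur = procs.get(cur["ppid"])
        stages = [p for p in chain if is_user_writable(p["image"])]
        if not stages:
            continue
        origin = stages[-1]  # outermost user-writable ancestor: the initial downloader
        findings.append({
            "powershell_pid": proc["pid"],
            "origin_pid": origin["pid"],
            "origin_image": origin["image"],
            "chain_made_network_connection": any(p["pid"] in net_pids for p in chain),
        })
    return findings
```

The benign PowerShell under explorer.exe produces no finding, while the one descending from the Downloads-launched executable is reported together with the fact that a process in that chain made an outbound connection.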
The key difference between Stealth Soldier’s variants lies in the configuration of the final payload, including its modules and plug-ins. The goal of the payload is to steal victims’ data.
The latest variant initiates its operations by collecting device/system data, such as hostname, username, drive names and types (e.g., fixed, removable), free disk space, and more. Stealth Soldier has the ability to download and upload files, enabling content exfiltration and infiltration of additional malicious components.
The software can also gather directory information, including filenames, types, formats, activity dates, sizes, permissions, and other file-related data. Furthermore, Stealth Soldier can access the device’s microphone to record audio, take screenshots or record the screen, and perform keylogging to capture victims’ keystrokes.
The newest variant of Stealth Soldier targets browser data, a functionality not found in previous versions. The information of interest may include browsing activity, Internet cookies, account log-in credentials, personally identifiable details, credit card numbers, and more.
It is important to note that malware developers continually improve their creations, and given Stealth Soldier’s active maintenance and customizable nature, new iterations are likely to introduce additional or different features.
To summarize, the presence of software like Stealth Soldier on devices can lead to multiple system infections, severe privacy issues, financial losses, and identity theft. Espionage-oriented malware can cause significant damage when used against highly sensitive entities.
How did Stealth Soldier infiltrate my computer?
Given its connections to a phishing infrastructure, Stealth Soldier likely proliferates through spam mail. Deceptive emails and messages often carry infectious files as attachments or as download links.
These files can be in various formats, such as documents (PDF, Microsoft Office, Microsoft OneNote, etc.), archives (ZIP, RAR, etc.), executables (.exe, .run, etc.), JavaScript, and more. Opening or executing a malicious file triggers the infection chain.
Stealth Soldier may also be distributed using other techniques. The most common methods for spreading malware include malicious attachments and links in spam mail, stealthy/deceptive drive-by downloads, dubious download sources (e.g., freeware and third-party websites, Peer-to-Peer sharing networks), illegal software activation tools (“cracks”), fake updates, online scams, and malvertising.
Some malicious programs can even self-spread through local networks and removable storage devices, such as external hard drives and USB flash drives.
How to avoid malware installation?
Exercising caution with incoming emails and messages is crucial. We strongly recommend against opening attachments or clicking on links in suspicious or irrelevant mail, as they can contain malware. Similarly, it is essential to be vigilant while browsing, as fake and malicious online content often appears genuine and harmless.
Furthermore, all downloads should be done from official and verified channels. It is advisable to activate and update programs using legitimate functions and tools, as illegal activation tools and third-party updaters can carry malware.
We emphasize the importance of installing reliable antivirus software and keeping it updated. Regular system scans should be performed with this software to detect and remove any identified threats. If you suspect that your computer is already infected, we recommend running a scan with Gridinsoft Anti-Malware to automatically eliminate the infiltrated malware.
| Field | Value |
| --- | --- |
| Name | Stealth Soldier |
| Detection | Trojan:Win32/Casdet!rfn |
| Damage | Exploits your hardware to mine cryptocurrencies without your permission. |
| Fix Tool | See If Your System Has Been Affected by Stealth Soldier Virus |
How to remove the Stealth Soldier from my PC?
Stealth Soldier malware is very hard to eliminate by hand. It places its files in a variety of locations throughout the disk and can restore itself from any one of them. Additionally, its numerous changes to the registry, networking settings and Group Policies are hard to find and revert to their original state. It is far better to use a dedicated tool, namely an anti-malware program. GridinSoft Anti-Malware is well suited to this malware-removal task.
Why GridinSoft Anti-Malware? It is very lightweight and its detection databases are updated practically every hour. Furthermore, it does not suffer from the problems and vulnerabilities that Microsoft Defender does. Together, these qualities make GridinSoft Anti-Malware suitable for getting rid of malware of any kind.
Remove the Stealth Soldier with GridinSoft Anti-Malware
- Download and install GridinSoft Anti-Malware. After the installation, you will be prompted to perform the Standard Scan. Approve this action.
- Standard scan checks the logical disk where the system files are stored, together with the files of programs you have already installed. The scan lasts up to 6 minutes.
- When the scan is over, you may choose the action for each detected virus. For all files of Stealth Soldier the default option is “Delete”. Press “Apply” to finish the malware removal.