Skip to main content

Woburn, MA – May 22, 2024 – Kaspersky's Global Research and Analysis Team (GReAT) has shared its discovery of three new stealers: Acrid, ScarletStealer, and an evolved form of Sys01. The findings are detailed in Kaspersky’s latest report shedding light on the evolving tactics of cybercriminals.

Discovered in December of last year, Acrid emerges as a fresh addition to the stealer landscape. Despite its 32-bit architecture, a rarity in today's predominantly 64-bit environment, Acrid leverages the "Heaven's Gate" technique, enabling access to 64-bit space and circumventing security measures. It exhibits typical stealer functionalities, including browser data theft, cryptocurrency wallet pilferage, and file exfiltration. While moderately sophisticated with string encryption, Acrid lacks groundbreaking features.

ScarletStealer, identified alongside the analysis of the Penguish downloader, diverges from traditional stealers. Instead of directly stealing data, it downloads additional executables, predominantly targeting cryptocurrency wallets. Notably, ScarletStealer's executables are digitally signed, a redundant practice considering its underdeveloped functionality and numerous flaws. Despite its shortcomings, ScarletStealer's victims span the globe, with concentrations in the U.S., Brazil and Turkey.

Previously known as Album Stealer or S1deload Stealer, Sys01 has undergone a transformation, blending C# and PHP payloads. Its infection vector remains consistent, enticing users with malicious ZIP archives disguised as adult content. This latest iteration, named Newb, showcases divided functionality, with browser data collection segregated into a separate module called imageclass. The campaign's victims, widespread but concentrated in Algeria, underscore the threat’s worldwide reach.

“The emergence of these new stealers serves as a stark reminder of the insatiable demand within the criminal underworld for tools facilitating data theft,” said Tatyana Shishkova, lead security researcher at Kaspersky’s GReAT. “With the potential for dire consequences such as financial losses and privacy breaches, it's imperative for individuals and organizations alike to remain vigilant and adopt proactive cybersecurity measures. Kaspersky strongly advises maintaining up-to-date software, exercising caution during file downloads and attachment openings, and exploring robust security solutions like SystemWatcher to fortify defenses against ever-evolving threats.”

To learn more about the newly discovered stealers, visit

In order to prevent financially motivated threats, Kaspersky recommends:

  • Set up offline backups that intruders cannot tamper with. Make sure you can quickly access them in an emergency.
  • Install ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevent exploits, and is compatible with pre- installed security solutions.
  • To minimize the likelihood that crypto-miners will be launched, use a dedicated security solution such as Kaspersky Endpoint Security for Business with application and web control; behavior analysis helps quickly detect malicious activity, while vulnerability and patch manager protects from crypto-miners that exploit vulnerabilities.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 220,000 corporate clients protect what matters most to them. Learn more at

Media Contact

Sawyer Van Horn

(781) 503-1866

Kaspersky uncovers new stealers: Acrid, ScarletStealer, and Sys01's latest evolution

Kaspersky Logo