- CyberArk exploited StealC’s control panel via source leak and XSS flaw
- Researchers exposed attacker “YouTubeTA,” who stole 390,000 passwords and 30M cookies
- Findings may disrupt StealC operations by attracting further scrutiny and attacks
Cybersecurity researchers have successfully infiltrated the web-based control panel of the StealC infostealer, uncovering vital information about its operations, including details about both the attackers and their victims.
StealC is a widely used infostealer malware that emerged a few years ago and has since become a staple in the cybercriminal landscape.
This malware is capable of collecting and exfiltrating sensitive data such as web browser credentials, cookies, system information, messaging app and email data, as well as cryptocurrency wallet details. It features modular targeting, stealthy execution, and flexible command-and-control communications.
Doxxing Victims
Researchers from CyberArk discovered two methods to access the control panel: a source code leak from April 2025 and a cross-site scripting (XSS) vulnerability they identified.
“By exploiting the vulnerability, we were able to identify characteristics of the threat actor’s computers, including general location indicators and hardware details,” the researchers stated. “Additionally, we retrieved active session cookies, allowing us to control sessions from our own machines.”
The report highlights one threat actor, referred to as “YouTubeTA,” who used stolen credentials to take over legitimate YouTube channels and post links that delivered the malware. This campaign yielded YouTubeTA over 5,000 victim logs, 390,000 passwords, and 30 million cookies.
CyberArk found that the attacker operated from an Apple M3-based device with English and Russian language settings. The time zone was set to Eastern Europe, and they logged in from Ukraine on at least one occasion. Cybercriminals typically use a VPN to hide their tracks, but this individual neglected to do so once, exposing an IP address belonging to the Ukrainian ISP TRK Cable TV.
By publicizing this information, CyberArk aims to encourage other entities, both benign and malicious, to target StealC, potentially disrupting its operations.
Via BleepingComputer
