Amatera Stealer: Rebranded ACR Stealer with Improved Evasion, Sophistication

Intel Name: Amatera Stealer: Rebranded ACR Stealer with Improved Evasion, Sophistication

Date of Scan: June 20, 2025

Impact: High

Summary:
Our team has identified a newly rebranded information stealer named Amatera Stealer, derived from ACR Stealer and delivered through complex web-inject-based attack chains. Much of its code overlaps with known ACR Stealer samples. It is currently offered as malware-as-a-service (MaaS) and remains under active development. Recent versions of Amatera Stealer feature enhanced anti-analysis techniques and have moved away from using Steam/Telegram as dead drops for C2 communication. As stealer malware continues to gain traction, timely detection, reverse engineering, and analysis are essential for defense.
