Researchers Discover XSS Flaw in StealC Malware Control Panel Exposing Threat Actor Details

Researchers have identified a cross-site scripting (XSS) vulnerability in the control panel of the StealC malware, revealing details about an active malicious actor. StealC, an infostealer active since at least 2023, is distributed as Malware-as-a-Service to steal cookies and passwords. In 2025, its operators released StealC v2, but the web panel quickly exposed sensitive information. No further details on the impact or leaked data are provided.