StealBit is a threatening tool that is part of the arsenal of the LockBit cybercriminal group. The threat is designed to scan infected machines and exfiltrate sensitive or confidential information from them. This effectively allows the attackers to run a double-extortion scheme. First, they collect the victim's data and threaten to release it to the public or sell it to interested third parties. Then, the hackers deploy the LockBit Ransomware to the device and render the files stored on it inaccessible via a strong encryption algorithm.
StealBit is primarily designed for fast data exfiltration. The threat can be instructed to exclude data that is of no interest to the attackers, such as specific file types or folders. Its behavior can be customized even further by preventing it from uploading files that exceed a chosen file size or by choosing a specific upload speed for the data exfiltration. It should be noted that StealBit has the ability to prevent Windows from showing certain alerts or error messages caused by its activity. However, so far, the threat is not capable of closing all windows that its actions might trigger.
Cybersecurity experts have managed to identify several versions of the threat, each showing increased stealthiness and evasion capabilities. In addition, older versions included a geolocation check, preventing the threat from activating if certain countries are detected.