Stealer
| 08.05.2025 | StealC | I StealC You: Tracking the Rapid Changes To StealC | MALWARE | Steal |
| 08.05.2025 | COLDRIVER | COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | MALWARE | Steal |
| 01.11.2023 | LIONTAIL | FROM ALBANIA TO THE MIDDLE EAST: THE SCARRED MANTICORE IS LISTENING | MALWARE | Steal |
| 25.05.2023 | JackalSteal | An implant that's used to find files of interest, including those located in removable USB drives, and transmit them to a remote server. | MALWARE | Steal |
| 3.4.23 | HookSpoofer | The Uptycs Threat Research Team has discovered a new infostealer. Spread by multiple bundlers and new on cybercrime forums, HookSpoofer has keylogging and clipper abilities. (A bundler combines two or more files in a single package.) It sends its stolen data to a Telegram bot. | MALWARE | Stealer |
| 3.4.23 | Titan Stealer | The Uptycs threat research team recently discovered a campaign involving the Titan Stealer malware, which is being marketed and sold by a threat actor (TA) through a Telegram channel for cybercrime purposes. | MALWARE | Stealer |
| 02.04.2026 | Torg Grabber | Torg Grabber: Anatomy of a New Credential Stealer | MALWARE | STEALER |
| 28.03.2026 | VoidStealer | VoidStealer: Debugging Chrome to Steal Its Secrets | MALWARE | STEALER |
| 21.03.2026 | PureLog Stealer | We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques. | MALWARE | STEALER |
| 21.03.2026 | Scarface Stealer | This week, the SonicWall Capture Labs Threat Research team analyzed a sample of ScarfaceStealer, a Go-compiled information stealer that utilizes sophisticated anti-analysis techniques including: | MALWARE | STEALER |
| 08.03.2026 | GIFTEDCROOK | GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations | MALWARE | STEALER |
| 01.03.2026 | Arkanix | Arkanix Stealer: a C++ & Python infostealer | MALWARE | STEALER |
| 15.02.2026 | LummaStealer | LummaStealer Is Getting a Second Life Alongside CastleLoader | MALWARE | STEALER |
| 20.01.2026 | Evelyn | From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers | MALWARE | Stealer |
| 19.01.2026 | StealC | UNO reverse card: stealing cookies from cookie stealers | MALWARE | Stealer |
| 05.01.2026 | VVS Discord | VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion | MALWARE | STEALER |
| 25.12.2025 | AuraStealer | Defeating AuraStealer: Practical Deobfuscation Workflows for Modern Infostealers | MALWARE | STEALER |
| 13.12.2025 | Golang Stealer | This week, SonicWall Capture Labs Threat Research Team analyzed a sample of SalatStealer. This is a Golang malware capable of infiltrating a system and enumerating through browsers, files, cryptowallets and systems while embedding a complete array of monitoring tools to push and pull any data on disk. | MALWARE | STEALER |
| 25.11.2025 | StealC V2 infostealer | Morphisec Thwarts Russian-Linked StealC V2 Campaign Targeting Blender Users via Malicious .blend Files | MALWARE | Stealer |
| 19.11.2025 | Eternidade Stealer | Advanced Banking Trojan Maverick Uses WhatsApp to Prey on Brazilian Users | MALWARE | Stealer |
| 26.10.2025 | ODYSSEY STEALER | ODYSSEY STEALER: THE REBRAND OF POSEIDON STEALER | MALWARE | Stealer |
| 26.10.2025 | PXA | Ghost in the Zip \| New PXA Stealer and Its Telegram-Powered Ecosystem | MALWARE | Stealer |
| 25.10.2025 | Vidar Stealer 2.0 | Trend™ Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer’s decline. | MALWARE | Stealer |
| 25.10.2025 | SnakeStealer | Here’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year's infostealer detection charts | MALWARE | Stealer |
| 10.10.2025 | WRECKSTEEL | According to CERT-UA, this is a stealer targeting a range of file extensions and creating screenshots of the compromised machine to be then uploaded via cURL. | MALWARE | Stealer |
| 04.10.2025 | Rhadamanthys 0.9.x | Rhadamanthys is a popular, multi-modular stealer, released in 2022. Since then, it has been used in multiple campaigns by various actors. Most recently, it is being observed in the ClickFix campaigns. | MALWARE | Stealer |
| 27.09.2025 | Amatera | SVG Phishing hits Ukraine with Amatera Stealer, PureMiner | MALWARE | Stealer |
| 20.09.2025 | Maranhão Stealer | Cyble Research & Intelligence Labs detected Maranhão Stealer, a Node.js–based credential stealer leveraging reflective DLL injection. | MALWARE | STEALER |
| 20.09.2025 | DeerStealer | DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities | MALWARE | STEALER |
| 20.09.2025 | XillenStealer | UNMASKING A PYTHON STEALER – “XillenStealer” | MALWARE | STEALER |
| 05.09.2025 | AMOS Stealer | An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps | MALWARE | Stealer |
| 30.08.2025 | INF0S3C STEALER | Cyfirma’s threat intelligence assessment reveals Inf0s3c Stealer, a Python-based grabber designed to collect system information and user data. The executable | MALWARE | Stealer |
| 29.08.2025 | TamperedChef | Truesec has observed what appears to be a large cybercrime campaign, involving multiple fraudulent websites promoted through a Google advertising campaign. | MALWARE | Stealer |
| 23.08.2025 | Chihuahua Stealer | Chihuahua Stealer: Disguising Data Theft in Plain Lyrics | MALWARE | Stealer |
| 19.08.2025 | Noodlophile | Noodlophile Stealer Evolves: Targeted Copyright Phishing Hits Enterprises with Social Media Footprints | MALWARE | STEALER |
| 17.08.2025 | DarkCloud | New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer | MALWARE | STEALER |
| 05.08.2025 | PXA Stealer | Ghost in the Zip \| New PXA Stealer and Its Telegram-Powered Ecosystem | MALWARE | STEALER |
| 28.06.2025 | GIFTEDCROOK | GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations | MALWARE | STEALER |
| 27.06.2025 | ODYSSEY STEALER | The CYFIRMA research team has uncovered multiple websites employing Clickfix tactics to deliver malicious AppleScripts (osascripts). | MALWARE | STEALER |
| 21.06.2025 | Amatera Stealer | Proofpoint has been closely monitoring a stealer malware formerly known as ACR Stealer. | MALWARE | STEALER |
| 21.06.2025 | VMDetector | VMDetector-Based Loader Abuses Steganography to Deliver Infostealers | MALWARE | STEALER |
| 20.06.2025 | KimJongRAT | Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation | MALWARE | STEALER |
| 14.06.2025 | Skuld | The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets. | MALWARE | STEALER |
| 11.06.2025 | Rust Based InfoStealer | Demystifying Myth Stealer: A Rust Based InfoStealer | MALWARE | STEALER |
| 07.06.2025 | AMOS update | AMOS Variant Distributed Via Clickfix In Spectrum-Themed Dynamic Delivery Campaign By Russian Speaking Hackers | MALWARE | Stealer |
| 30.05.2025 | EDDIESTEALER | Chasing Eddies: New Rust-based InfoStealer used in CAPTCHA campaigns | MALWARE | STEALER |
| 18.05.2025 | SnipVex | SnipVex—more than a Clipbanker | MALWARE | Stealer |
| 13.05.2025 | Noodlophile | New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms | MALWARE | STEALER |
| 10.05.2025 | OtterCookie v4 | Additional Features of OtterCookie Malware Used by WaterPlum | MALWARE | STEALER |
| 09.05.2025 | PupkinStealer | PupkinStealer: A .NET-Based Info-Stealer | MALWARE | STEALER |
| 09.05.2025 | HANNIBAL Stealer | HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage | MALWARE | STEALER |
| 01.04.2025 | EncryptHub stealer | On July 26, 2024, security researcher Germán Fernández tweeted about a fake WinRAR website distributing various types of malware, including stealers, miners, hidden virtual network computing (hVNC), | MALWARE | Stealer |
| 21.03.2025 | Arcane stealer | What’s intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla and DynDNS. | MALWARE | Stealer |
| 08.03.2025 | Skuld stealer | TMPN (Skuld) Stealer: The dark side of open source | MALWARE | Stealer |
| 05.03.2025 | BackConnect | Qbot is Back.Connect | MALWARE | Stealer |
| 24.02.2025 | ACRStealer | ACRStealer Infostealer Exploiting Google Docs as C2 | MALWARE | Stealer |
| 17.12.2024 | CoinLurker | CoinLurker: The Stealer Powering the Next Generation of Fake Updates | MALWARE | STEALER |
| 07.12.2024 | Realst | Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows | MALWARE | STEALER |
| 22.11.2024 | JarkaStealer | Malicious packages for AI integration containing infostealer malware were found in the Python Package Index repository. | MALWARE | STEALER |
| 21.11.2024 | NodeStealer | Python NodeStealer Targets Facebook Ads Manager with New Techniques | MALWARE | STEALER |
| 16.11.2024 | DEEPDATA | BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA | MALWARE | STEALER |
| 15.11.2024 | PXA Stealer | New PXA Stealer targets government and education sectors for sensitive information | MALWARE | STEALER |
| 12.11.2024 | RustyStealer | Ymir: new stealthy ransomware in the wild | MALWARE | STEALER |
| 08.11.2024 | Skuld | Roblox Developers Targeted with npm Packages Infected with Skuld Infostealer and Blank Grabber | MALWARE | STEALER |
| 25.09.2024 | Taliban Stealer | Cyfirma researchers have discovered a website promoting a tool called 'Taliban Stealer'. | MALWARE | Stealer |
| 25.09.2024 | Rage Stealer | A Comprehensive Analysis of Angry Stealer: Rage Stealer in a New Disguise | MALWARE | Stealer |
| 25.09.2024 | X-FILES Stealer | X-FILES Stealer: Advanced malware with sophisticated features and ongoing enhancements | MALWARE | Stealer |
| 25.09.2024 | QWERTY Stealer | QWERTY is a newly discovered infostealer variant observed being hosted on a Linux-based virtual private server located in Germany with limited service exposure. | MALWARE | Stealer |
| 25.09.2024 | Yet Another Silly Stealer (YASS) | There's Something About CryptBot: Yet Another Silly Stealer (YASS) | MALWARE | Stealer |
| 25.09.2024 | Poseidon | Poseidon Stealer Uses Sora AI Lure to Infect macOS | MALWARE | Stealer |
| 25.09.2024 | Luxy | Luxy: A Stealer and a Ransomware in one | MALWARE | Stealer |
| 25.09.2024 | Gomorrah | Gomorrah Stealer v5.1: An In-Depth Analysis of a .NET-Based Malware | MALWARE | Stealer |
| 25.09.2024 | Emansrepo | In August 2024, FortiGuard Labs observed a python infostealer we call Emansrepo that is distributed via emails that include fake purchase orders and invoices. | MALWARE | Stealer |
| 25.09.2024 | BLX (aka XLABB) | BLX Stealer, also known as XLABB Stealer, is a malware variant initially discovered last year. New activity attributed to this infostealer has been observed in the wild. | MALWARE | Stealer |
| 21.08.2024 | Styx | Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove | MALWARE | Stealer |
| 27.07.2024 | ExelaStealer | Some simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65): | MALWARE | Stealer |
| 25.07.2024 | ACR Stealer | ACR Stealer is an information stealer advertised by a threat actor operating under the pseudonym SheldIO, on Russian-speaking cybercrime forums. | MALWARE | Stealer |
| 18.07.2024 | BeaverTail | North Korean Hackers Update BeaverTail Malware to Target MacOS Users | MALWARE | Stealer |
| 15.07.2024 | SYS01 Stealer | How SYS01 Stealer Will Get Your Sensitive Facebook Info | MALWARE | Stealer |
| 08.07.2024 | StrelaStealer | StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe | MALWARE | Stealer |
| 08.07.2024 | Satanstealer | Satanstealer is a new open source infostealing malware shared on GitHub. | MALWARE | Stealer |
| 08.07.2024 | Poseidon | ‘Poseidon’ Mac stealer distributed via Google ads | MALWARE | Stealer |
| 08.07.2024 | 0bj3ctivity | 0bj3ctivity is an infostealer variant first observed last year in campaigns targeting Italy. | MALWARE | Stealer |
| 08.07.2024 | Neptune Stealer | A new malware strain dubbed Neptune Stealer has been uncovered by researchers. | MALWARE | Stealer |
| 08.07.2024 | Kematian Stealer | Kematian-Stealer: A Deep Dive into a New Information Stealer | MALWARE | Stealer |
| 07.06.2024 | SPECTR | SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign | MALWARE | Stealer |
| 06.06.2024 | 'Lumma' crypto stealer | Russia-linked 'Lumma' crypto stealer now targets Python devs | MALWARE | Stealer |
| 03.06.2024 | Lumma Stealer | Fake Browser Updates delivering BitRAT and Lumma Stealer | MALWARE | Stealer |
| 11.05.2024 | zEus | zEus Stealer Distributed via Crafted Minecraft Source Pack | MALWARE | Stealer |
| 07.05.2024 | MetaStealer | Post-infection traffic triggers signatures for Win32/MetaStealer Related Activity from the EmergingThreats Pro (ETPRO) ruleset. | MALWARE | Stealer |
| 24.04.2024 | CoralRaider | Suspected CoralRaider continues to expand victimology using three information stealers | MALWARE | Stealer |
| 22.04.2024 | Redline Stealer | A new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior. | MALWARE | Stealer |
| 05.04.2024 | Rhadamanthys | Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS) | MALWARE | Stealer |
| 05.04.2024 | VietCredCare | Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses | MALWARE | Stealer |
| 05.04.2024 | StrelaStealer | SonicWall Capture Labs threat research team has observed an updated variant of StrelaStealer. | MALWARE | Stealer |
| 05.04.2024 | Sync-Scheduler | This study provides a detailed overview of Sync-Scheduler, a potent malware written in C++ boasting defense evasion and anti-analysis capabilities. | MALWARE | Stealer |
| 05.04.2024 | Rhadamanthys | Recently Updated Rhadamanthys Stealer Delivered in Federal Bureau of Transportation Campaign | MALWARE | Stealer |
| 22.03.2024 | StrelaStealer | StrelaStealer malware steals email login data from well-known email clients and sends them back to the attacker’s C2 server. | MALWARE | Stealer |
| 20.03.2024 | WhiteSnake Stealer | WhiteSnake Stealer: Unveiling the Latest Version – Less Obfuscated, More Dangerous | MALWARE | Stealer |
| 20.03.2024 | Taurus Stealer | The GlorySprout or a Failed Clone of Taurus Stealer | MALWARE | Stealer |
| 18.03.2024 | AZORult | From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites | MALWARE | Stealer |
| 18.03.2024 | STEELHOOK | PowerShell script | MALWARE | Stealer |
| 18.03.2024 | IRONJAW | The malware was used previously in campaigns from July through August, and September 2023. | MALWARE | Stealer |
| 17.03.2024 | RisePro stealer | RisePro stealer targets Github users in “gitgub” campaign | MALWARE | Stealer |
| 14.03.2024 | Planet Stealer | Planet Stealer is a recently identified infostealing malware variant. This Go-based malware has been advertised for sale on underground forums. | MALWARE | Stealer |
| 14.03.2024 | Tweaks Stealer | Tweaks Stealer Targets Roblox Users Through YouTube and Discord | MALWARE | Stealer |
| 14.03.2024 | Phemedrone Stealer | Unveiling Phemedrone Stealer: Threat Analysis and Detections | MALWARE | Stealer |
| 28.02.2024 | Pony | Pony (also known as Fareit or Siplog) is a malware categorized as a loader and stealer, although it is also used as a botnet, being a tool that has been used for.. | MALWARE | Stealer |
| 28.02.2024 | TimbreStealer | When Stealers Converge: New Variant of Atomic Stealer in the Wild | MALWARE | Stealer |
| 27.02.2024 | DarkVNC | DarkVNC is a hidden utility based on the Virtual Network Computing (VNC) technology, initially promoted on an Exploit forum in 2016. | MALWARE | Stealer |
| 21.02.2024 | PlugX | Mustang Panda’s PlugX new variant targeting Taiwanese government and diplomats | MALWARE | Stealer |
| 21.02.2024 | VietCredCare | Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses | MALWARE | Stealer |
| 18.02.2024 | Raccoon Stealer v2 | Raccoon Stealer v2 – Part 1: The return of the dead | MALWARE | Stealer |
| 18.02.2024 | Recordbreaker | An info stealer is malicious software (malware) that seeks to steal private data from a compromised device, including passwords, cookies, autofill information from browsers, | MALWARE | Stealer |
| 08.02.2024 | Troll Stealer | Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer | MALWARE | Stealer |
| 06.02.2024 | CrackedCantil | CrackedCantil: A Malware Symphony Breakdown | MALWARE | Stealer |
| 06.02.2024 | Ov3r_Stealer | Facebook Advertising Spreads Novel Malware Variant | MALWARE | Stealer |
| 05.02.2024 | Phemedrone Stealer | CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign | MALWARE | Stealer |
| 05.02.2024 | Mispadu Stealer | Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019 | MALWARE | Stealer |
| 31.01.2024 | Rage Stealer | From Screen Captures to Crypto wallets: Analyzing the Multi-Faceted Threat of Rage Stealer | MALWARE | Stealer |
| 31.01.2024 | Monster Stealer | RUSSIAN STEALER LOG AGGREGATOR RELEASES FULLY NATIVE INFOSTEALER | MALWARE | Stealer |
| 16.01.2024 | Phemedrone | CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign | MALWARE | Stealer |
| 09.01.2024 | Lumma Stealer | Deceptive Cracked Software Spreads Lumma Variant on YouTube | MALWARE | Stealer |
| 03.01.2024 | WhiteSnake Stealer | WhiteSnake Stealer malware sample on MalwareBazaar | MALWARE | Stealer |
| 03.01.2024 | RisePro | RisePro is a stealer that is spread through downloaders like win.privateloader. Once executed on a system, the malware can steal credit card information, passwords, and personal data. | MALWARE | Stealer |
| 01.01.2024 | Meduza Stealer | On Christmas Eve, Resecurity's HUNTER (HUMINT) spotted that the author of the perspective password stealer Meduza has released a new version (2.2). | MALWARE | Stealer |
| 01.01.2024 | Jinx | Jinx – Malware 2.0 We know it’s big, we measured it! | MALWARE | Stealer |
| 28.12.2023 | RecordBreaker | This malware is a successor to Raccoon Stealer (also referred to as Raccoon Stealer 2.0), which is however a full rewrite in C/C++. | MALWARE | Stealer |
| 24.12.2023 | Agent Tesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. | MALWARE | Stealer |
| 19.12.2023 | Rhadamanthys | RHADAMANTHYS V0.5.0 – A DEEP DIVE INTO THE STEALER’S COMPONENTS | MALWARE | Stealer |
| 19.12.2023 | QakBot | #Qakbot is back! The new version is 64-bit, uses AES for network encryption, and sends POST requests to the path /teorema505. | MALWARE | Stealer |
| 15.12.2023 | W4SP Stealer | The final payload is a Trojan written in Python and obfuscated with the same obfuscator as the downloader. The malware is dubbed “W4SP Stealer” by its author in the code. | MALWARE | Stealer |
| 14.12.2023 | Micropsia | This malware, written in Delphi, is an information-stealing malware family dubbed "MICROPSIA". It has a wide range of data theft functionality built in. | MALWARE | Stealer |
| 13.12.2023 | Meduza Stealer | UAC-0050 mass cyberattack using RemcosRAT/MeduzaStealer against Ukraine and Poland (CERT-UA#8218) | MALWARE | Stealer |
| 12.12.2023 | MrAnon Stealer | MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF | MALWARE | Stealer |
| 22.11.2023 | Agent Tesla | New "Agent Tesla" Variant: Unusual "ZPAQ" Archive Format Delivers Malware | MALWARE | Stealer |
| 20.11.2023 | Trap Stealer | New Open-Source ‘Trap Stealer’ Pilfers Data in just 6 Seconds | MALWARE | Stealer |
| 20.11.2023 | BbyStealer | BbyStealer Malware Resurfaces, Sets Sights on VPN Users | MALWARE | Stealer |
| 20.11.2023 | LummaC2 | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022 | MALWARE | Stealer |
| 14.11.2023 | Ducktail | According to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature. | MALWARE | Stealer |
| 03.11.2023 | NodeStealer | NodeStealer attacks on Facebook take a provocative turn – threat actors deploy malvertising campaigns to hijack users’ accounts | MALWARE | Stealer |
| 28.10.2023 | LPEClient | LPEClient is an HTTP(S) downloader that expects two command line parameters: an encrypted string containing two URLs (a primary and a secondary C&C server), and the path on the victim's file system to store the downloaded payload. | MALWARE | Stealer |
| 27.10.2023 | GoPIX | Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware | MALWARE | Stealer |
| 21.10.2023 | LOBSHOT | According to PCrisk, LOBSHOT is a type of malware with a feature called hVNC (Hidden Virtual Network Computing) that allows attackers to access a victim's computer without being noticed. | MALWARE | Stealer |
| 21.10.2023 | DUCKTAIL | According to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature. | MALWARE | Stealer |
| 20.10.2023 | ExelaStealer | Another InfoStealer Enters the Field, ExelaStealer | MALWARE | Stealer |
| 19.10.2023 | Typhon Stealer | According to PCrisk, Typhon is a stealer-type malware written in the C# programming language. | MALWARE | Stealer |
| 19.10.2023 | Stealerium | According to SecurityScorecard, Stealerium is an open-source stealer available on GitHub. The malware steals information from browsers, cryptocurrency wallets, and applications such as Discord, Pidgin, Outlook, Telegram, Skype, Element, Signal, Tox, Steam, Minecraft, and VPN clients. | MALWARE | Stealer |
| 13.10.2023 | DarkGate | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. | MALWARE | Stealer |
| 13.10.2023 | RecordBreaker | This malware is a successor to Raccoon Stealer (also referred to as Raccoon Stealer 2.0), which is however a full rewrite in C/C++. | MALWARE | Stealer |
| 13.10.2023 | Lumma Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. | MALWARE | Stealer |
| 03.10.2023 | The-Murk-Stealer | The report delves into the intricate workings of “The-Murk-Stealer,” a malicious tool that can discreetly infiltrate systems to collect sensitive information. | MALWARE | Stealer |
| 03.10.2023 | Agniane Stealer | Agniane Stealer fraudulently takes credentials, system information, and session details from browsers, tokens, and file transferring tools. | MALWARE | Stealer |
| 19.09.2023 | RECORDSTEALER | New Info-stealer Disguised as Crack Being Distributed | MALWARE | Stealer |
| 16.09.2023 | NodeStealer | New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials | MALWARE | Stealer |
| 16.09.2023 | RedLine/Vidar | In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method. | MALWARE | Stealer |
| 16.09.2023 | Bash stealer | Free Download Manager backdoored – a possible supply chain attack on Linux machines | MALWARE | Stealer |
| 13.09.2023 | Merlin | Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. | MALWARE | Stealer |
| 13.09.2023 | RisePro | New RisePro Stealer distributed by the prominent PrivateLoader | MALWARE | Stealer |
| 02.09.2023 | SapphireStealer | Open-source information stealer enables credential and data theft | MALWARE | Stealer |
| 23.08.2023 | Luna Grabber | ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack. | MALWARE | Stealer |
| 14.08.2023 | HYPERSCRAPE | New Iranian APT data extraction tool | MALWARE | Stealer |
| 12.08.2023 | Statc Stealer | Statc Stealer is a sophisticated malware that infects devices powered by Windows, gains access to computer systems, and steals sensitive information. | MALWARE | Stealer |
| 02.08.2023 | NodeStealer 2.0 | About eight months later, in March 2023, FakeGPT, a new variant of a fake ChatGPT Chrome extension that steals Facebook Ad accounts, was reported. | MALWARE | Stealer |
| 03.07.2023 | Meduza Stealer | The Meduza Stealer has a singular objective: comprehensive data theft. | MALWARE | Stealer |
| 03.07.2023 | Lumma Stealer | Lumma is an information stealer written in C, sold as a Malware-as-a-Service by LummaC on Russian-speaking underground forums and Telegram since at least August 2022. | MALWARE | Stealer |
| 22.06.2023 | Bandit Stealer | Bandit is a new information stealer that harvests stored credentials from web browsers, FTP clients, email clients, and targets cryptocurrency wallet applications. | MALWARE | Stealer |
| 22.06.2023 | Aurora Stealer | Drive-by downloads are becoming increasingly common as attackers find new ways to access and exfiltrate sensitive data. | MALWARE | Stealer |
| 22.06.2023 | Album Stealer | Album Stealer is disguised as a photo album that drops decoy adult images while performing malicious activity in the background. | MALWARE | Stealer |
| 22.06.2023 | Mystic Stealer | Mystic Stealer is a new information stealer that was first advertised in April 2023 | MALWARE | Stealer |
| 16.06.2023 | Arkei Stealer | Arkei is a stealer that appeared around May 2018. | MALWARE | Stealer |
| 16.06.2023 | Graphiron | Downloader / information stealer used by UAC-0056, observed since at least October 2022. | MALWARE | Stealer |
| 16.06.2023 | OutSteel | According to MITRE, OutSteel is a file uploader and document stealer developed with the scripting language AutoIT that has been used by Ember Bear since at least March 2021. | MALWARE | Stealer |
| 18.05.2023 | Zmutzy: Stealer | Zmutzy is a spyware and information stealer Trojan written in Microsoft’s .NET language. | MALWARE | Stealer |
| 16.05.2023 | CopperStealer | According to PCrisk, CopperStealer, also known as Mingloa, is a malicious program designed to steal sensitive/personal information. | MALWARE | Stealer |
| 28.04.2023 | ViperSoftX | ViperSoftX: Hiding in System Logs and Spreading VenomSoftX | MALWARE | Stealer |
| 24.04.2023 | EvilExtractor | EvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices. | MALWARE | Stealer |
| 20.04.2023 | Rhadamanthys | According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. | MALWARE | Stealer |
| 12.04.2023 | Gopuram | Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | MALWARE | Stealer |
| 12.04.2023 | IconicStealer | Follow-up payload in 3CX supply chain incident, which according to Volexity is an infostealer collecting information about the system and browser using an embedded copy of the SQLite3 library. | MALWARE | Stealer |
| 11.04.2023 | Impala Stealer | Analyzing Impala Stealer – Payload of the first NuGet attack campaign | MALWARE | Stealer |
| 09.04.2023 | Creal Stealer | Recently Cyble Research and Intelligence Labs (CRIL) discovered a phishing site mimicking a Cryptocurrency mining platform that was spreading Creal Stealer. | MALWARE | Stealer |
| 08.04.2023 | Prynt Stealer | No Honor Among Thieves - Prynt Stealer’s Backdoor Exposed | MALWARE | Stealer |
| 08.04.2023 | Typhon Stealer | Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities | MALWARE | Stealer |
| 08.04.2023 | Micropsia | This malware, written in Delphi, is an information-stealing malware family dubbed "MICROPSIA". It has a wide range of data theft functionality built in. | MALWARE | Stealer |
| 14.03.2023 | LummaC2 Stealer | During a threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) discovered a post on the cybercrime forum about an information stealer targeting both Chromium and Mozilla-based browsers. This stealer was named LummaC2 Stealer, which targets crypto wallets, extensions, and two-factor authentication (2FA) and steals sensitive information from the victim’s machine. | MALWARE | Stealer |
| 14.03.2023 | WhiteSnake Stealer | Cyble Research and Intelligence Labs (CRIL) came across a new malware strain called “WhiteSnake” Stealer. The stealer was first identified on cybercrime forums at the beginning of this month. It is designed to extract sensitive information from the victim’s computer. | MALWARE | Stealer |
| 14.03.2023 | ImBetter | Threat Actors (TAs) employ sophisticated techniques to create phishing websites that are designed to appear legitimate and attractive to users. These deceptive sites are carefully crafted to trick unsuspecting users into downloading and executing malware, which can result in stealing the victim’s sensitive data. | MALWARE | Stealer |
| 07.03.2023 | SYS01stealer | We have seen SYS01 stealer attacking critical government infrastructure employees, manufacturing companies, and other industries. | MALWARE | Stealer |
| 27.02.2023 | PureCrypter | According to Zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021. | MALWARE | Stealer |
| 23.02.2023 | S1deload | S1deload Stealer relies on DLL sideloading techniques to run its malicious components. It uses a legitimate, digitally-signed executable that inadvertently loads malicious code if clicked. | MALWARE | Stealer |
| 21.02.2023 | Stealc | Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1 | MALWARE | Stealer |
| 14.02.2023 | Rhadamanthys | Rhadamanthys is a stealer trojan that is written in C++ and compiled on 2022-08-22; according to the information received from the hacker, the stealer is still under development. | MALWARE | Stealer |
| 12.02.2023 | VectorStealer | Information stealers are malware designed to steal sensitive information from infected computers, such as login credentials, financial data, and personal information | MALWARE | Stealer |
| 12.02.2023 | Enigma Stealer | We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures. | MALWARE | Stealer |
| 03.02.2023 | The Titan Stealer | The Uptycs threat research team recently discovered a campaign involving the Titan Stealer malware, which is being marketed and sold by a threat actor (TA) through a Telegram channel for cybercrime purposes. | MALWARE | Stealer |
| 17.01.2023 | Raccoon Stealer’s | Team Cymru’s S2 Research Team has blogged previously on the initial Raccoon stealer command and control methodology (Raccoon Stealer - An Insight into Victim “Gates”), which utilized “gate” IP addresses to proxy victim traffic / data to static threat actor-controlled infrastructure. | MALWARE | Stealer |
| 14.01.2023 | StrelaStealer | An information stealer dubbed StrelaStealer that's spread as a DLL/HTML polyglot. | MALWARE | Stealer |
| 09.01.2023 | Vidar | Vidar Malware is one of the active infostealers, and its distribution has been significantly increasing. Its characteristics include the use of famous platforms such as Telegram and Mastodon as an intermediary C2. | MALWARE | Stealer |
| 29.06.2022 | YTStealer | YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom” | MALWARE | Stealer |
| 25.06.2022 | Snake Infostealer | This report provides an overview of key information-stealing features of the Snake malware and discusses similarities that we discovered in the staging mechanisms of samples from Snake and two common information-stealing malware programs, FormBook and Agent Tesla. | MALWARE | Stealer |
| 11.05.2022 | Prynt Stealer | Cyble research labs discovered a new Infostealer named Prynt Stealer. The stealer is new on the cybercrime forums and comes with various capabilities. Along with stealing the victim’s data, this stealer can also perform financial thefts using a clipper and keylogging operations. Additionally, it can target 30+ Chromium-based browsers, 5+ Firefox-based browsers, and a range of VPN, FTP, Messaging, and Gaming apps. | MALWARE | Stealer |
| 11.05.2022 | Saintstealer | During our routine threat-hunting exercise, Cyble Research Labs came across a C# .NET-based information stealer developed by the Saint gang. The activities of Saintstealer can be traced back as far as November 2021. The file is not packed and has multiple functionalities to steal credentials and system information. | MALWARE | Stealer |
| 10.05.2022 | Jester Stealer | It is established that the mentioned archive contains the SFX file of the same name, which, in turn, contains the malicious program CredoMap_v2. The difference between this version of the stealer and the previous one is that it uses the HTTP protocol to exfiltrate data. | MALWARE | Stealer |
| 08.05.2022 | Vidar | Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser. | MALWARE | Stealer |
| 08.05.2022 | RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. | MALWARE | Stealer |