Stealer 

08.05.2025 StealC I StealC You: Tracking the Rapid Changes To StealC MALWARE Steal
08.05.2025 COLDRIVER COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs MALWARE Steal
01.11.2023 LIONTAIL  FROM ALBANIA TO THE MIDDLE EAST: THE SCARRED MANTICORE IS LISTENING MALWARE Steal
25.05.2023 JackalSteal  An implant that's used to find files of interest, including those located in removable USB drives, and transmit them to a remote server. MALWARE Steal
3.4.23  HookSpoofer The Uptycs Threat Research Team has discovered a new infostealer. Spread by multiple bundlers and new on cybercrime forums, HookSpoofer has keylogging and clipper abilities. (A bundler combines two or more files in a single package.) It sends its stolen data to a Telegram bot. MALWARE Stealer
3.4.23  Titan Stealer The Uptycs threat research team recently discovered a campaign involving the Titan Stealer malware, which is being marketed and sold by a threat actor (TA) through a Telegram channel for cybercrime purposes.  MALWARE Stealer
02.04.2026 Torg Grabber Torg Grabber: Anatomy of a New Credential Stealer MALWARE STEALER
28.03.2026 VoidStealer VoidStealer: Debugging Chrome to Steal Its Secrets MALWARE STEALER
21.03.2026 PureLog Stealer  We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques. MALWARE STEALER
21.03.2026 Scarface Stealer This week, the SonicWall Capture Labs Threat Research team analyzed a sample of ScarfaceStealer, a Go-compiled information stealer that utilizes sophisticated anti-analysis techniques including:  MALWARE STEALER
08.03.2026 GIFTEDCROOK  GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations MALWARE STEALER
01.03.2026 Arkanix  Arkanix Stealer: a C++ & Python infostealer MALWARE STEALER
15.02.2026 LummaStealer LummaStealer Is Getting a Second Life Alongside CastleLoader MALWARE STEALER
20.01.2026 Evelyn  From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers MALWARE Stealer
19.01.2026 StealC UNO reverse card: stealing cookies from cookie stealers MALWARE Stealer
05.01.2026 VVS Discord  VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion MALWARE STEALER
25.12.2025 AuraStealer Defeating AuraStealer: Practical Deobfuscation Workflows for Modern Infostealers MALWARE STEALER
13.12.2025 Golang Stealer This week, SonicWall Capture Labs Threat Research Team analyzed a sample of SalatStealer. This is a Golang malware capable of infiltrating a system and enumerating through browsers, files, cryptowallets and systems while embedding a complete array of monitoring tools to push and pull any data on disk.  MALWARE STEALER
25.11.2025 StealC V2 infostealer Morphisec Thwarts Russian-Linked StealC V2 Campaign Targeting Blender Users via Malicious .blend Files MALWARE Stealer
19.11.2025 Eternidade Stealer Advanced Banking Trojan Maverick Uses WhatsApp to Prey on Brazilian Users MALWARE Stealer
26.10.2025 ODYSSEY STEALER ODYSSEY STEALER : THE REBRAND OF POSEIDON STEALER MALWARE Stealer
26.10.2025 PXA Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem MALWARE Stealer
25.10.2025 Vidar Stealer 2.0 Trend™ Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer’s decline. MALWARE Stealer
25.10.2025 SnakeStealer Here’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year's infostealer detection charts MALWARE Stealer
10.10.2025 WRECKSTEEL According to CERT-UA, this is a stealer targeting a range of file extensions and creating screenshots of the compromised machine to be then uploaded via cURL.  MALWARE Stealer
04.10.2025 Rhadamanthys 0.9.x Rhadamanthys is a popular, multi-modular stealer, released in 2022. Since then, it has been used in multiple campaigns by various actors. Most recently, it is being observed in the ClickFix campaigns. MALWARE Stealer
27.09.2025 Amatera  SVG Phishing hits Ukraine with Amatera Stealer, PureMiner MALWARE Stealer
20.09.2025 Maranhão Stealer Cyble Research & Intelligence Labs detected Maranhão Stealer, a Node.js–based credential stealer leveraging reflective DLL injection. MALWARE STEALER
20.09.2025 DeerStealer DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities MALWARE STEALER
20.09.2025 XillenStealer UNMASKING A PYTHON STEALER – “XillenStealer” MALWARE STEALER
05.09.2025 AMOS Stealer An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps MALWARE Stealer
30.08.2025 INF0S3C STEALER Cyfirma’s threat intelligence assessment reveals Inf0s3c Stealer, a Python-based grabber designed to collect system information and user data. The executable MALWARE Stealer
29.08.2025 TamperedChef Truesec has observed what appears to be a large cybercrime campaign, involving multiple fraudulent websites promoted through a Google advertising campaign. MALWARE Stealer
23.08.2025 Chihuahua Stealer Chihuahua Stealer: Disguising Data Theft in Plain Lyrics MALWARE Stealer
19.08.2025 Noodlophile  Noodlophile Stealer Evolves: Targeted Copyright Phishing Hits Enterprises with Social Media Footprints  MALWARE STEALER
17.08.2025 DarkCloud New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer MALWARE STEALER
05.08.2025 PXA Stealer Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem MALWARE STEALER
28.06.2025 GIFTEDCROOK GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations MALWARE STEALER
27.06.2025 ODYSSEY STEALER The CYFIRMA research team has uncovered multiple websites employing Clickfix tactics to deliver malicious AppleScripts (osascripts).  MALWARE STEALER
21.06.2025 Amatera Stealer Proofpoint has been closely monitoring a stealer malware formerly known as ACR Stealer.  MALWARE STEALER
21.06.2025 VMDetector VMDetector-Based Loader Abuses Steganography to Deliver Infostealers MALWARE STEALER
20.06.2025 KimJongRAT Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation MALWARE STEALER
14.06.2025 Skuld The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets. MALWARE STEALER
11.06.2025 Rust Based InfoStealer Demystifying Myth Stealer: A Rust Based InfoStealer MALWARE STEALER
07.06.2025 AMOS update AMOS Variant Distributed Via Clickfix In Spectrum-Themed Dynamic Delivery Campaign By Russian Speaking Hackers MALWARE Stealer
30.05.2025 EDDIESTEALER Chasing Eddies: New Rust-based InfoStealer used in CAPTCHA campaigns MALWARE STEALER
18.05.2025 SnipVex SnipVex—more than a Clipbanker MALWARE Stealer
13.05.2025 Noodlophile New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms MALWARE STEALER
10.05.2025 OtterCookie v4 Additional Features of OtterCookie Malware Used by WaterPlum MALWARE STEALER
09.05.2025 PupkinStealer PupkinStealer : A .NET-Based Info-Stealer MALWARE STEALER
09.05.2025 HANNIBAL Stealer HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage MALWARE STEALER
01.04.2025 EncryptHub stealer On July 26, 2024, security researcher Germán Fernández tweeted about a fake WinRAR website distributing various types of malware, including stealers, miners, hidden virtual network computing (hVNC), MALWARE Stealer
21.03.2025 Arcane stealer What’s intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla and DynDNS.  MALWARE Stealer
08.03.2025 Skuld stealer TMPN (Skuld) Stealer: The dark side of open source MALWARE Stealer
05.03.2025 BackConnect  Qbot is Back.Connect MALWARE Stealer
24.02.2025 ACRStealer ACRStealer Infostealer Exploiting Google Docs as C2 MALWARE Stealer
17.12.2024 CoinLurker CoinLurker: The Stealer Powering the Next Generation of Fake Updates MALWARE STEALER
07.12.2024 Realst Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows MALWARE STEALER
22.11.2024 JarkaStealer Malicious packages for AI integration containing infostealer malware were found in the Python Package Index repository. MALWARE STEALER
21.11.2024 NodeStealer Python NodeStealer Targets Facebook Ads Manager with New Techniques MALWARE STEALER
16.11.2024 DEEPDATA BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA MALWARE STEALER
15.11.2024 PXA Stealer New PXA Stealer targets government and education sectors for sensitive information MALWARE STEALER
12.11.2024 RustyStealer Ymir: new stealthy ransomware in the wild MALWARE STEALER
08.11.2024  Skuld  Roblox Developers Targeted with npm Packages Infected with Skuld Infostealer and Blank Grabber MALWARE STEALER
25.09.2024 Taliban Stealer Cyfirma researchers have discovered a website promoting a tool called 'Taliban Stealer'.  MALWARE Stealer
25.09.2024 Rage Stealer A Comprehensive Analysis of Angry Stealer : Rage Stealer in a New Disguise MALWARE Stealer
25.09.2024 X-FILES Stealer X-FILES Stealer: Advanced malware with sophisticated features and ongoing enhancements MALWARE Stealer
25.09.2024 QWERTY Stealer QWERTY is a newly discovered infostealer variant observed being hosted on a Linux-based virtual private server located in Germany with limited service exposure.  MALWARE Stealer
25.09.2024 Yet Another Silly Stealer (YASS) There's Something About CryptBot: Yet Another Silly Stealer (YASS) MALWARE Stealer
25.09.2024 Poseidon Poseidon Stealer Uses Sora AI Lure to Infect macOS MALWARE Stealer
25.09.2024 Luxy Luxy: A Stealer and a Ransomware in one MALWARE Stealer
25.09.2024 Gomorrah Gomorrah Stealer v5.1: An In-Depth Analysis of a .NET-Based Malware MALWARE Stealer
25.09.2024 Emansrepo  In August 2024, FortiGuard Labs observed a python infostealer we call Emansrepo that is distributed via emails that include fake purchase orders and invoices.  MALWARE Stealer
25.09.2024 BLX (aka XLABB)  BLX Stealer, also known as XLABB Stealer, is a malware variant initially discovered last year. New activity attributed to this infostealer has been observed in the wild. MALWARE Stealer
21.08.2024 Styx Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove MALWARE Stealer
27.07.2024 ExelaStealer Some simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65): MALWARE Stealer
25.07.2024 ACR Stealer ACR Stealer is an information stealer advertised by a threat actor operating under the pseudonym SheldIO, on Russian-speaking cybercrime forums.  MALWARE Stealer
18.07.2024 BeaverTail North Korean Hackers Update BeaverTail Malware to Target MacOS Users MALWARE Stealer
15.07.2024 SYS01 Stealer How SYS01 Stealer Will Get Your Sensitive Facebook Info MALWARE Stealer
08.07.2024 StrelaStealer StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe MALWARE Stealer
08.07.2024 Satanstealer Satanstealer is a new open source infostealing malware shared on GitHub. MALWARE Stealer
08.07.2024 Poseidon ‘Poseidon’ Mac stealer distributed via Google ads MALWARE Stealer
08.07.2024 0bj3ctivity 0bj3ctivity is an infostealer variant first observed last year in campaigns targeting Italy.  MALWARE Stealer
08.07.2024 Neptune Stealer A new malware strain dubbed Neptune Stealer has been uncovered by researchers. MALWARE Stealer
08.07.2024 Kematian Stealer Kematian-Stealer : A Deep Dive into a New Information Stealer MALWARE Stealer
07.06.2024 SPECTR  SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign  MALWARE Stealer
06.06.2024 'Lumma' crypto stealer Russia-linked 'Lumma' crypto stealer now targets Python devs MALWARE Stealer
03.06.2024 Lumma Stealer Fake Browser Updates delivering BitRAT and Lumma Stealer MALWARE Stealer
11.05.2024 zEus  zEus Stealer Distributed via Crafted Minecraft Source Pack MALWARE Stealer
07.05.2024 MetaStealer Post-infection traffic triggers signatures for Win32/MetaStealer Related Activity from the EmergingThreats Pro (ETPRO) ruleset. MALWARE Stealer
24.04.2024 CoralRaider Suspected CoralRaider continues to expand victimology using three information stealers MALWARE Stealer
22.04.2024 Redline Stealer A new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior. MALWARE Stealer
05.04.2024 Rhadamanthys Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS) MALWARE Stealer
05.04.2024 VietCredCare  Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses MALWARE Stealer
05.04.2024 StrelaStealer SonicWall Capture Labs threat research team has observed an updated variant of StrelaStealer. MALWARE Stealer
05.04.2024 Sync-Scheduler This study provides a detailed overview of Sync-Scheduler, a potent malware written in C++ boasting defense evasion and anti-analysis capabilities.  MALWARE Stealer
05.04.2024 Rhadamanthys Recently Updated Rhadamanthys Stealer Delivered in Federal Bureau of Transportation Campaign  MALWARE Stealer
22.03.2024 StrelaStealer  StrelaStealer malware steals email login data from well-known email clients and sends them back to the attacker’s C2 server. MALWARE Stealer
20.03.2024 WhiteSnake Stealer WhiteSnake Stealer: Unveiling the Latest Version – Less Obfuscated, More Dangerous MALWARE Stealer
20.03.2024 Taurus Stealer The GlorySprout or a Failed Clone of Taurus Stealer MALWARE Stealer
18.03.2024 AZORult  From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites MALWARE Stealer
18.03.2024 STEELHOOK PowerShell script MALWARE Stealer
18.03.2024 IRONJAW The malware was used previously in campaigns from July through August, and September 2023 MALWARE Stealer
17.03.2024 RisePro stealer  RisePro stealer targets Github users in “gitgub” campaign MALWARE Stealer
14.03.2024 Planet Stealer Planet Stealer is a recently identified infostealing malware variant. This Go-based malware has been advertised for sale on underground forums. MALWARE Stealer
14.03.2024 Tweaks Stealer Tweaks Stealer Targets Roblox Users Through YouTube and Discord MALWARE Stealer
14.03.2024 Phemedrone Stealer Unveiling Phemedrone Stealer: Threat Analysis and Detections MALWARE Stealer
28.02.2024 Pony Pony (also known as Fareit or Siplog) is a malware categorized as a loader and stealer, although it is also used as a botnet, being a tool that has been used for.. MALWARE Stealer
28.02.2024 TimbreStealer When Stealers Converge: New Variant of Atomic Stealer in the Wild MALWARE Stealer
27.02.2024 DarkVNC DarkVNC is a hidden utility based on the Virtual Network Computing (VNC) technology, initially promoted on an Exploit forum in 2016. MALWARE Stealer
21.02.2024 PlugX Mustang Panda’s PlugX new variant targeting Taiwanese government and diplomats MALWARE Stealer
21.02.2024 VietCredCare Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses MALWARE Stealer
18.02.2024 Raccoon Stealer v2 Raccoon Stealer v2 – Part 1: The return of the dead MALWARE Stealer
18.02.2024 Recordbreaker An info stealer is malicious software (malware) that seeks to steal private data from a compromised device, including passwords, cookies, autofill information from browsers, MALWARE Stealer
08.02.2024 Troll Stealer Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer MALWARE Stealer
06.02.2024 CrackedCantil CrackedCantil: A Malware Symphony Breakdown MALWARE Stealer
06.02.2024 Ov3r_Stealer Facebook Advertising Spreads Novel Malware Variant MALWARE Stealer
05.02.2024 Phemedrone Stealer CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign MALWARE Stealer
05.02.2024 Mispadu Stealer Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019 MALWARE Stealer
31.01.2024 Rage Stealer From Screen Captures to Crypto wallets: Analyzing the Multi-Faceted Threat of Rage Stealer MALWARE Stealer
31.01.2024 Monster Stealer RUSSIAN STEALER LOG AGGREGATOR RELEASES FULLY NATIVE INFOSTEALER MALWARE Stealer
16.01.2024 Phemedrone  CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign MALWARE Stealer
09.01.2024 Lumma Stealer Deceptive Cracked Software Spreads Lumma Variant on YouTube MALWARE Stealer
03.01.2024 WhiteSnake Stealer WhiteSnake Stealer malware sample on MalwareBazaar MALWARE Stealer
03.01.2024 RisePro RisePro is a stealer that is spread through downloaders like win.privateloader. Once executed on a system, the malware can steal credit card information, passwords, and personal data.  MALWARE Stealer
01.01.2024 Medusa Stealer On Christmas Eve, Resecurity's HUNTER (HUMINT) spotted the author of perspective password stealer Meduza has released a new version (2.2). MALWARE Stealer
01.01.2024 Jinx Jinx – Malware 2.0 We know it’s big, we measured it! MALWARE Stealer
28.12.2023 RecordBreaker This malware is a successor to Raccoon Stealer (also referred to as Raccoon Stealer 2.0), which is however a full rewrite in C/C++.  MALWARE Stealer
24.12.2023 Agent Tesla A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.  MALWARE Stealer
19.12.2023 Rhadamanthys RHADAMANTHYS V0.5.0 – A DEEP DIVE INTO THE STEALER’S COMPONENTS MALWARE Stealer
19.12.2023 QakBot  #Qakbot is back! The new version is 64-bit, uses AES for network encryption, and sends POST requests to the path /teorema505. MALWARE Stealer
15.12.2023 W4SP Stealer The final payload is a Trojan written in Python and obfuscated with the same obfuscator as the downloader. The malware is dubbed “W4SP Stealer” by its author in the code.  MALWARE Stealer
14.12.2023 Micropsia This malware written in Delphi is an information stealing malware family dubbed "MICROPSIA". It has a wide range of data theft functionality built in.  MALWARE Stealer
13.12.2023 Meduza Stealer UAC-0050 mass cyberattack using RemcosRAT/MeduzaStealer against Ukraine and Poland (CERT-UA#8218) MALWARE Stealer
12.12.2023 MrAnon Stealer MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF MALWARE Stealer
22.11.2023 Agent Tesla New "Agent Tesla" Variant: Unusual "ZPAQ" Archive Format Delivers Malware MALWARE Stealer
20.11.2023 Trap Stealer New Open-Source ‘Trap Stealer’ Pilfers Data in just 6 Seconds MALWARE Stealer
20.11.2023 BbyStealer BbyStealer Malware Resurfaces, Sets Sights on VPN Users MALWARE Stealer
20.11.2023 LummaC2  Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022 MALWARE Stealer
14.11.2023 Ducktail  According to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature.  MALWARE Stealer
03.11.2023 NodeStealer NodeStealer attacks on Facebook take a provocative turn – threat actors deploy malvertising campaigns to hijack users’ accounts MALWARE Stealer
28.10.2023 LPEClient LPEClient is an HTTP(S) downloader that expects two command line parameters: an encrypted string containing two URLs (a primary and a secondary C&C server), and the path on the victim's file system to store the downloaded payload.  MALWARE Stealer
27.10.2023 GoPIX Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware MALWARE Stealer
21.10.2023 LOBSHOT According to PCrisk, LOBSHOT is a type of malware with a feature called hVNC (Hidden Virtual Network Computing) that allows attackers to access a victim's computer without being noticed. MALWARE Stealer
21.10.2023 DUCKTAIL According to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature.  MALWARE Stealer
20.10.2023 ExelaStealer Another InfoStealer Enters the Field, ExelaStealer MALWARE Stealer
19.10.2023 Typhon Stealer According to PCrisk, Typhon is a stealer-type malware written in the C# programming language. MALWARE Stealer
19.10.2023 Stealerium According to SecurityScorecard, Stealerium is an open-source stealer available on GitHub. The malware steals information from browsers, cryptocurrency wallets, and applications such as Discord, Pidgin, Outlook, Telegram, Skype, Element, Signal, Tox, Steam, Minecraft, and VPN clients. MALWARE Stealer
13.10.2023 DarkGate  First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. MALWARE Stealer
13.10.2023 RecordBreaker This malware is a successor to Raccoon Stealer (also referred to as Raccoon Stealer 2.0), which is however a full rewrite in C/C++.  MALWARE Stealer
13.10.2023 Lumma Stealer Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. MALWARE Stealer
03.10.2023 The-Murk-Stealer The report delves into the intricate workings of “The-Murk-Stealer,” a malicious tool that can discreetly infiltrate systems to collect sensitive information.  MALWARE Stealer
03.10.2023 Agniane Stealer Agniane Stealer fraudulently takes credentials, system information, and session details from browsers, tokens, and file transferring tools. MALWARE Stealer
19.09.2023 RECORDSTEALER  New Info-stealer Disguised as Crack Being Distributed MALWARE Stealer
16.09.2023 NodeStealer  New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials MALWARE Stealer
16.09.2023 RedLine/Vidar In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.  MALWARE Stealer
16.09.2023 Bash stealer Free Download Manager backdoored – a possible supply chain attack on Linux machines MALWARE Stealer
13.09.2023 Merlin  Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.  MALWARE Stealer
13.09.2023 RisePro New RisePro Stealer distributed by the prominent PrivateLoader MALWARE Stealer
02.09.2023 SapphireStealer Open-source information stealer enables credential and data theft MALWARE Stealer
23.08.2023 Luna Grabber ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack. MALWARE Stealer
14.08.2023 HYPERSCRAPE  New Iranian APT data extraction tool MALWARE Stealer
12.08.2023 Statc Stealer Statc Stealer is a sophisticated malware that infects devices powered by Windows, gains access to computer systems, and steals sensitive information. MALWARE Stealer
02.08.2023 NodeStealer 2.0 About eight months later, in March 2023, FakeGPT, a new variant of a fake ChatGPT Chrome extension that steals Facebook Ad accounts, was reported. MALWARE Stealer
03.07.2023 Meduza Stealer The Meduza Stealer has a singular objective: comprehensive data theft.  MALWARE Stealer
03.07.2023 Lumma Stealer Lumma is an information stealer written in C, sold as a Malware-as-a-Service by LummaC on Russian-speaking underground forums and Telegram since at least August 2022.  MALWARE Stealer
22.06.2023 Bandit Stealer Bandit is a new information stealer that harvests stored credentials from web browsers, FTP clients, email clients, and targets cryptocurrency wallet applications. MALWARE Stealer
22.06.2023 Aurora Stealer Drive-by downloads are becoming increasingly common as attackers find new ways to access and exfiltrate sensitive data. MALWARE Stealer
22.06.2023 Album Stealer Album Stealer is disguised as a photo album that drops decoy adult images while performing malicious activity in the background. MALWARE Stealer
22.06.2023 Mystic Stealer Mystic Stealer is a new information stealer that was first advertised in April 2023 MALWARE Stealer
16.06.2023 Arkei Stealer Arkei is a stealer that appeared around May 2018. MALWARE Stealer
16.06.2023 Graphiron Downloader / information stealer used by UAC-0056, observed since at least October 2022.  MALWARE Stealer
16.06.2023 OutSteel According to MITRE, OutSteel is a file uploader and document stealer developed with the scripting language AutoIT that has been used by Ember Bear since at least March 2021.  MALWARE Stealer
18.05.2023 Zmutzy: Stealer  Zmutzy is a spyware and information stealer Trojan written in Microsoft’s .NET language. MALWARE Stealer
16.05.2023 CopperStealer According to PCrisk, CopperStealer, also known as Mingloa, is a malicious program designed to steal sensitive/personal information. MALWARE Stealer
28.04.2023 ViperSoftX ViperSoftX: Hiding in System Logs and Spreading VenomSoftX MALWARE Stealer
24.04.2023 EvilExtractor EvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices. MALWARE Stealer
20.04.2023 Rhadamanthys According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.  MALWARE Stealer
12.04.2023 Gopuram Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack MALWARE Stealer
12.04.2023 IconicStealer Follow-up payload in 3CX supply chain incident, which according to Volexity is an infostealer collecting information about the system and browser using an embedded copy of the SQLite3 library.  MALWARE Stealer
11.04.2023 Impala Stealer Analyzing Impala Stealer – Payload of the first NuGet attack campaign MALWARE Stealer
09.04.2023 Creal Stealer Recently Cyble Research and Intelligence Labs (CRIL) discovered a phishing site mimicking a Cryptocurrency mining platform that was spreading Creal Stealer.  MALWARE Stealer
08.04.2023 Prynt Stealer No Honor Among Thieves - Prynt Stealer’s Backdoor Exposed MALWARE Stealer
08.04.2023 Typhon Stealer Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities MALWARE Stealer
08.04.2023 Micropsia This malware written in Delphi is an information stealing malware family dubbed "MICROPSIA". It has a wide range of data theft functionality built in.  MALWARE Stealer
14.03.2023 LummaC2 Stealer During a threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) discovered a post on the cybercrime forum about an information stealer targeting both Chromium and Mozilla-based browsers. This stealer was named LummaC2 Stealer, which targets crypto wallets, extensions, and two-factor authentication (2FA) and steals sensitive information from the victim’s machine.  MALWARE Stealer
14.03.2023 WhiteSnake Stealer Cyble Research and Intelligence Labs (CRIL) came across a new malware strain called “WhiteSnake” Stealer. The stealer was first identified on cybercrime forums at the beginning of this month. It is designed to extract sensitive information from the victim’s computer.  MALWARE Stealer
14.03.2023 ImBetter Threat Actors (TAs) employ sophisticated techniques to create phishing websites that are designed to appear legitimate and attractive to users. These deceptive sites are carefully crafted to trick unsuspecting users into downloading and executing malware, which can result in stealing the victim’s sensitive data. MALWARE Stealer
07.03.2023 SYS01stealer We have seen SYS01 stealer attacking critical government infrastructure employees, manufacturing companies, and other industries. MALWARE Stealer
27.02.2023 PureCrypter  According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021 MALWARE Stealer
23.02.2023 S1deload S1deload Stealer relies on DLL sideloading techniques to run its malicious components. It uses a legitimate, digitally-signed executable that inadvertently loads malicious code if clicked. MALWARE Stealer
21.02.2023 Stealc  Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1 MALWARE Stealer
14.02.2023 Rhadamanthys Rhadamanthys is a stealer trojan that is written in C++ and compiled on 2022-08-22. According to the information received from the hacker, the stealer is still under development. MALWARE Stealer
12.02.2023 VectorStealer Information stealers are malware designed to steal sensitive information from infected computers, such as login credentials, financial data, and personal information MALWARE Stealer
12.02.2023 Enigma Stealer We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures.  MALWARE Stealer
03.02.2023 The Titan Stealer The Uptycs threat research team recently discovered a campaign involving the Titan Stealer malware, which is being marketed and sold by a threat actor (TA) through a Telegram channel for cybercrime purposes. MALWARE Stealer
17.01.2023 Raccoon Stealer’s Team Cymru’s S2 Research Team has blogged previously on the initial Raccoon stealer command and control methodology (Raccoon Stealer - An Insight into Victim “Gates”), which utilized “gate” IP addresses to proxy victim traffic / data to static threat actor-controlled infrastructure. MALWARE Stealer
14.01.2023 StrelaStealer An information stealer dubbed StrelaStealer that's spread as a DLL/HTML polyglot. MALWARE Stealer
09.01.2023 Vidar  Vidar Malware is one of the active Infostealers, and its distribution has been significantly increasing. Its characteristics include the use of famous platforms such as Telegram and Mastodon as an intermediary C2.  MALWARE Stealer
29.06.2022 YTStealer YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom” MALWARE Stealer
25.06.2022 Snake Infostealer This report provides an overview of key information-stealing features of the Snake malware and discusses similarities that we discovered in the staging mechanisms of samples from Snake and two common information-stealing malware programs, FormBook and Agent Tesla.  MALWARE Stealer
11.05.2022 Prynt Stealer Cyble research labs discovered a new Infostealer named Prynt Stealer. The stealer is new on the cybercrime forums and comes with various capabilities. Along with stealing the victim’s data, this stealer can also perform financial thefts using a clipper and keylogging operations. Additionally, it can target 30+ Chromium-based browsers, 5+ Firefox-based browsers, and a range of VPN, FTP, Messaging, and Gaming apps. MALWARE Stealer
11.05.2022 Saintstealer During our routine threat-hunting exercise, Cyble Research Labs came across a C# .NET-based information stealer developed by the Saint gang. The activities of Saintstealer can be traced back as far as November 2021. The file is not packed and has multiple functionalities to steal credentials and system information.  MALWARE Stealer
10.05.2022 Jester Stealer It is established that the mentioned archive contains the SFX file of the same name, which, in turn, contains the malicious program CredoMap_v2. The difference between this version of the stealer and the previous one is that it uses the HTTP protocol to exfiltrate data.  MALWARE Stealer
08.05.2022 Vidar Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser. MALWARE Stealer
08.05.2022 RedLine Stealer RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. MALWARE Stealer