Gremlin Stealer: New Stealer on Sale in Underground Forum

April 29, 2025, 9:22 p.m.

Description

A new information-stealing malware called Gremlin Stealer, written in C#, has been identified by researchers. Advertised on Telegram since March 2025, it targets a wide range of data, including browser information, crypto wallets, and FTP and VPN credentials. The malware exfiltrates stolen data to a web server for publication. It can bypass Chrome's cookie V20 protection and supports various Chromium- and Gecko-based browsers. Gremlin Stealer also targets cryptocurrency wallets, Telegram and Discord sessions, and system information. The stolen data is compressed into a ZIP archive and sent to the attacker's server using a Telegram bot. This evolving threat highlights the need for robust cybersecurity measures to protect against such information stealers.

Date

  • Created: April 29, 2025, 4:27 p.m.
  • Published: April 29, 2025, 4:27 p.m.
  • Modified: April 29, 2025, 9:22 p.m.

Indicators

  • d1ea7576611623c6a4ad1990ffed562e8981a3aa209717065eddc5be37a76132
  • 207.244.199.46

Attack Patterns

  • Gremlin Stealer