RAVEN STEALER UNMASKED: Telegram-Based Data Exfiltration

Aug. 4, 2025, 10:49 a.m.

Description

Raven Stealer is a modern information-stealing malware family developed in Delphi and C++ and designed to extract sensitive data from victim machines. It targets Chromium-based browsers, extracting saved passwords, cookies, payment details, and autofill data. The malware uses a modular architecture and a built-in resource editor that lets operators embed configuration details directly into the compiled payload. Raven Stealer is packed with UPX, which reduces its size and improves evasion against static detection. It executes in a hidden state, leaving no visible traces at runtime. The malware is actively distributed through GitHub repositories and promoted via a Telegram channel that functions as both a development log and a distribution platform. Raven Stealer's use of Telegram for C2-like behavior, combined with a clean user interface and dynamic module support, positions it as a commercially attractive tool within the commodity malware ecosystem.

Date

  • Created: Aug. 1, 2025, 11:48 a.m.
  • Published: Aug. 1, 2025, 11:48 a.m.
  • Modified: Aug. 4, 2025, 10:49 a.m.

Attack Patterns

  • Raven Stealer
  • Octalyn Stealer
  • ZeroTrace Team