UNVEILING A PYTHON STEALER – INF0S3C STEALER

Sept. 3, 2025, 7:04 a.m.

Description

Inf0s3c Stealer is a sophisticated Python-based malware designed to collect system information and user data. It systematically gathers host identifiers, CPU information, network configuration, and captures screenshots. The malware enumerates running processes, generates directory views, and compiles stolen data into a password-protected archive for exfiltration. It employs various techniques for persistence, including injection into Discord and Windows Startup manipulation. The stealer targets sensitive information such as passwords, cookies, browsing history, and cryptocurrency wallets. It also implements anti-VM checks and can self-delete after execution. The analysis reveals similarities with other malware projects, suggesting potential for rapid iteration and wider distribution.

External References

https://www.cyfirma.com/research/unveiling-a-python-stealer-inf0s3c-stealer/
https://otx.alienvault.com/pulse/68b7d3a9bc1a4bdb86bdf90c
Tags
python
stealer
discord
data exfiltration
pyinstaller
system reconnaissance
upx packing
2025-09-03
windows api
blank grabber
inf0s3c stealer
umbral-stealer

Date

  • Created: Sept. 3, 2025, 5:35 a.m.
  • Published: Sept. 3, 2025, 5:35 a.m.
  • Modified: Sept. 3, 2025, 7:04 a.m.

Indicators

  • 50ae8793dbf1d9b543ee3cfaa01cab0547dabb83033d1f142f2e672fcd0dc040
Download all indicators here!

Attack Patterns

  • Umbral-Stealer
  • Inf0s3c Stealer
  • Blank Grabber