Tag: browser data theft

8 Attack Reports | 0 Vulnerabilities

Attack reports

Malicious PyPI Packages Deliver SilentSync RAT

Two malicious Python packages, sisaws and secmeasure, were discovered in the Python Package Index (PyPI) repository. These packages, created by the same author, deliver a Remote Access Trojan (RAT) called SilentSync. The RAT is capable of remote command execution, file exfiltration, screen capturin…
rat
python
typosquatting
supply chain
data theft
remote access
pypi
data-exfiltration
supply-chain-attack
browser-data-theft
2025-09-18
silentsync
2025-09-19
python packages
Published: September 19, 2025
Downloadable IOCs: 0

NordDragonScan: Quiet Data-Harvester on Windows

A sophisticated infostealer dubbed NordDragonScan has been discovered, targeting Windows systems through weaponized HTA scripts. The malware is distributed via shortened links leading to RAR archives containing malicious LNK shortcuts. Once installed, NordDragonScan performs extensive reconnaissanc…
infostealer
browser data theft
2025-07-14
norddragonscan
Published: July 14, 2025
Downloadable IOCs: 11

Famous Chollima deploying Python version of GolangGhost RAT

In May 2025, Cisco Talos identified a Python-based remote access trojan (RAT) called 'PylangGhost', used by a North Korean-aligned threat actor. PylangGhost shares similarities with the previously documented GolangGhost RAT. The threat actor, Famous Chollima, has been targeting employees with exper…
rat
cryptocurrency
browser data theft
blockchain
golangghost
2025-06-18
pylangghost
Published: June 18, 2025
Downloadable IOCs: 67

Russian Unit 26165 Targets Western Logistics and Technology Companies

Chihuahua Infostealer is a sophisticated .NET-based malware discovered in April 2025, targeting browser credentials and cryptocurrency wallet data. It employs multi-stage delivery through obfuscated PowerShell scripts, often using trusted platforms like Google Drive for initial distribution. The ma…
obfuscation
powershell
infostealer
persistence
data-exfiltration
2025-05-27
crypto-wallet-theft
chihuahua infostealer
browser-data-theft
.net-malware
Published: May 27, 2025
Downloadable IOCs: 10

HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage

The Hannibal Stealer is a sophisticated information stealer targeting Chromium and Gecko-based browsers, developed in C# and operating on the .NET Framework. It bypasses Chrome Cookie V20 protection and steals data from cryptocurrency wallets, FTP clients, VPNs, and messaging apps. The malware perf…
cryptocurrency
sharp stealer
data exfiltration
information stealer
browser data theft
geofencing
2025-04-26
hannibal stealer
tx stealer
vpn credentials
c2 panel
telegram channels
2025-04-30
rebranded malware
vpn credential theft
Published: April 30, 2025
Downloadable IOCs: 4

HEXON STEALER: THE LONG JOURNEY OF COPYING, HIDING, AND REBRANDING

Hexon Stealer, a malware capable of extracting sensitive information from browsers, has emerged as a rebranded version of Stealit Stealer. It utilizes the Electron framework and NSIS installer format to target browser cookies, credentials, and crypto-wallets. The malware grants full remote access t…
obfuscation
remote access
nsis installer
cryptocurrency theft
browser data theft
2024-11-23
hexon stealer
electron framework
stealit stealer
turkish developer
discord stealer
fewer stealer
Published: November 23, 2024
Downloadable IOCs: 0

The Will of D: A Deep Dive into Divulge Stealer, Dedsec Stealer, and Duck Stealer

This analysis examines three emerging malware threats: Divulge Stealer, DedSec Stealer, and Duck Stealer. These stealers, often promoted on platforms like GitHub and Telegram, target browser data, game information, and sensitive personal details. Divulge Stealer, a successor to Umbral Stealer, feat…
infostealer
cryptocurrency
browser data theft
2024-10-21
anti-vm
doenerium
divulge stealer
umbral stealer
duck stealer
azstealer
dedsec stealer
Published: October 21, 2024
Downloadable IOCs: 3

Exploring AsyncRAT and Infostealer Plugin Delivery Through…

This analysis details an AsyncRAT infection observed in August 2024, delivered via email. The attack chain involves a Windows Script File that downloads and executes various scripts, ultimately leading to the installation of AsyncRAT with an infostealer plugin. The malware targets multiple browsers…
phishing
powershell
infostealer
asyncrat
vbscript
2024-09-02
process hollowing
cryptocurrency wallets
browser data theft
Published: September 2, 2024
Linked vulnerabilities : CVE-2024-7593 (CVSS 9.8), CVE-2024-28986
Downloadable IOCs: 8
Click here to see more Attack Reports