19 Apr, 2026

New macOS stealer campaign uses Script Editor in ClickFix attack

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. Script Editor is a built-in macOS application for writing and running scripts, primarily AppleScript and JXA, that can execute local scripts and shell commands. It […]

2 mins read

New Infinity Stealer malware grabs macOS data via ClickFix lures

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. The attack uses the ClickFix technique, presenting a fake CAPTCHA that mimics Cloudflare’s human verification check to trick users into executing malicious code. Researchers at Malwarebytes say this is the first […]

2 mins read

Suspected RedLine infostealer malware admin extradited to US

An Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years. Hambardzum Minasyan was arrested on Monday, March 23, and appeared in federal court in Austin on Tuesday, when U.S. prosecutors accused him of registering virtual private […]

2 mins read

New Torg Grabber infostealer malware targets 728 crypto wallets

A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. Initial access is obtained through the ClickFix technique by hijacking the clipboard and tricking the user into executing a malicious PowerShell command. According to researchers at cybersecurity company Gen Digital, Torg Grabber is […]

3 mins read

VoidStealer malware steals Chrome master key via debugger trick

An information stealer called VoidStealer uses a new approach to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. The novel method is stealthier and relies on hardware breakpoints to extract the v20_master_key, used for both encryption and decryption, directly from the browser’s memory, without requiring […]

3 mins read

Fake enterprise VPN downloads used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. The attackers manipulate search results (SEO poisoning) for common queries like “Pulse VPN download” or “Pulse Secure client” to redirect victims to spoofed VPN vendor sites that closely mimic VPN solutions from legitimate […]

2 mins read

Fake Claude Code install guides push infostealers in InstallFix attacks

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users to run malicious commands under the pretext of installing legitimate command-line interface (CLI) tools. The new trick exploits the common practice among developers these days of downloading and executing scripts through ‘curl-to-bash’ commands from online sources without […]

4 mins read

Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware

Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing’s AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware. OpenClaw is an open-source AI agent that gained popularity as a personal assistant capable of executing tasks. It has access to local files and can integrate with email, […]

3 mins read

Arkanix Stealer pops up as short-lived AI info-stealer experiment

An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. The project included a control panel and a Discord server for communication with users, but the author took them down without notification, just two months after the operation began. Arkanix offered many […]

3 mins read

Infostealer malware found stealing OpenClaw secrets for first time

With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication tokens, and other secrets. OpenClaw (formerly ClawdBot and MoltBot) is a local-running AI agent framework that maintains a persistent configuration and memory environment on the user’s machine. The tool can access local […]

3 mins read