Info Stealer
‘Russian Market’ emerges as a go-to shop for stolen credentials
The “Russian Market” cybercrime marketplace has emerged as one of the most popular platforms for buying and selling credentials stolen by information stealer malware. Although the marketplace has been active for roughly six years and became relatively popular by 2022, ReliaQuest reports that the Russian Market has recently reached new heights. Part of this surge in popularity is […]
TikTok videos now push infostealer malware in ClickFix attacks
Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks. As Trend Micro recently discovered, the threat actors behind this TikTok social engineering campaign are using videos likely generated using AI that ask viewers to run commands claiming to activate Windows and Microsoft Office, as well […]
Lumma infostealer malware operation disrupted, 2,300 domains seized
Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains and part of its infrastructure backbone worldwide. This effort involved multiple tech companies and law enforcement authorities, resulting in Microsoft’s seizure of approximately 2,300 domains after legal action against the malware on May 13, 2025. At the […]
Fake AI video generators drop new Noodlophile infostealer malware
Fake AI-powered video generation tools are being used to distribute a new information-stealing malware family called ‘Noodlophile,’ under the guise of generated media content. The websites use enticing names like the “Dream Machine” and are advertised on high-visibility groups on Facebook, posing as advanced AI tools that generate videos based on uploaded user files. Although […]
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. The campaign targeted multiple cryptocurrency-related packages, and the popular ‘country-currency-map’ package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated […]
Steam pulls game demo infecting Windows with info-stealing malware
Valve has removed from its Steam store the game title ‘Sniper: Phantom’s Resolution’ following multiple users reporting that the demo installer infected their systems with information stealing malware. The game, published under the developer name ‘Sierra Six Studios,’ was supposed to be an early preview of the title with a release planned in the coming months. […]
Fake Homebrew Google ads target Mac users with malware
Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets. The malicious Google ads campaign was spotted by Ryan Chenkie, who warned on X about the risk of malware infection. The malware used in […]
Banshee stealer evades detection using Apple XProtect encryption algo
A new version of the Banshee info-stealing malware for macOS has been evading detection over the past two months by adopting string encryption from Apple’s XProtect. Banshee is an information stealer focused on macOS systems. It emerged in mid-2024 as a stealer-as-a-service available to cybercriminals for $3,000. Its source code was leaked on the XSS forums […]
Crypto-stealing malware posing as a meeting app targets Web3 pros
Cybercriminals are targeting people working in Web3 with fake business meetings using a fraudulent video conferencing platform that infects Windows and Macs with crypto-stealing malware. The campaign is dubbed “Meeten” after the name commonly used by the meeting software and has been underway since September 2024. The malware, which has both a Windows and a macOS […]
Malware locks browser in kiosk mode to steal Google credentials
A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and […]