Infosteeler - Cybersec Sentinel

Infosteeler

A collection of 12 posts

Evelyn Stealer and the rising risk of developer tool supply chain attacks

Evelyn Stealer and the rising risk of developer tool supply chain attacks

Threat Group: Unknown cybercriminal operators leveraging developer tooling supply chains Threat Type: Information stealer malware delivered via malicious development extensions Exploited Vulnerabilities: Abuse of the Visual Studio Code extension trust model, DLL side loading, PowerShell execution policy misuse, Windows process hollowing Malware Used: Evelyn Stealer, Lightshot.dll downloader, iknowyou.model

VVS Stealer highlights the rising danger of Discord focused infostealers

VVS Stealer highlights the rising danger of Discord focused infostealers

Threat Group – Unknown Threat Type – Information Stealer Exploited Vulnerabilities – None publicly identified Malware Used – VVS Stealer Threat Score – 7.3 🔴 High Last Threat Observation – 6 January 2026 Overview The cybersecurity environment of late 2025 and early 2026 has been shaped by the rapid commoditisation of advanced evasion techniques. VVS Stealer

Arkanix Stealer Jumps from Discord to Browser Sessions and Corporate Logins

Arkanix Stealer Jumps from Discord to Browser Sessions and Corporate Logins

Threat Group – Financially motivated cyber crime cluster operating within a malware as a service ecosystem and using Discord communities, gaming groups and social platforms for distribution Threat Type – Cross platform information stealer family with native C plus plus and legacy Python variants that focus on credential, cookie and wallet theft

PXA Stealer Malware Uses Trusted Cloud Services to Exfiltrate Government and Education Credentials

PXA Stealer Malware Uses Trusted Cloud Services to Exfiltrate Government and Education Credentials

Threat Group: Vietnamese-speaking cybercrime actors (possible overlap with CoralRaider) Threat Type: Python-based Information Stealer (Infostealer) Exploited Vulnerabilities: DLL sideloading, phishing ZIP archives, abuse of legitimate cloud services (Cloudflare Workers, Dropbox) Malware Used: PXA Stealer Threat Score: 🔥 Critical (9.0/10) – Due to advanced evasion, large-scale credential theft, and abuse of

Acreed Infostealer Becomes Top Credential Theft Tool After Lumma Takedown

Acreed Infostealer Becomes Top Credential Theft Tool After Lumma Takedown

Threat Group: Unknown (Emerging actors on Russian Market) Threat Type: Infostealer Malware Exploited Vulnerabilities: Phishing, Malvertising, SEO Poisoning, ClickFix social engineering, AI-generated deception, DLL-SideLoading Malware Used: Acreed Infostealer Threat Score: 🔴 High (7.8/10) – Rapid adoption, advanced session token theft, and critical infrastructure targeting Last Threat Observation: June 4, 2025

EDDIESTEALER Infostealer Targets Windows Systems with Fake CAPTCHA Campaigns

EDDIESTEALER Infostealer Targets Windows Systems with Fake CAPTCHA Campaigns

Threat Group: Unknown Threat Type: Infostealer Malware Exploited Vulnerabilities: None (Relies on social engineering and fake CAPTCHA delivery) Malware Used: EDDIESTEALER Threat Score: 🔴 High (7.8/10) – Due to its novel Rust implementation, evasive delivery methods, and rapid credential exfiltration techniques. Last Threat Observation: May 30, 2025 Overview EDDIESTEALER is

PowerShell-Delivered Chihuahua Stealer Distributed via Google Drive Targets Credentials and Wallets

PowerShell-Delivered Chihuahua Stealer Distributed via Google Drive Targets Credentials and Wallets

Threat Group: Unknown Threat Type: Infostealer Malware Exploited Vulnerabilities: None (Relies on social engineering and legitimate services) Malware Used: Chihuahua Stealer Threat Score: 🔴 High (7.8/10) – Due to its advanced encryption techniques, stealthy multi-stage execution, and targeting of sensitive data such as browser credentials and cryptocurrency wallets. Last Threat

Cozy Bear Launches Wine-Tasting Phishing Campaign to Deploy WineLoader

Cozy Bear Launches Wine-Tasting Phishing Campaign to Deploy WineLoader

Threat Group: APT29 (Cozy Bear / Midnight Blizzard / NOBELIUM) Threat Type: Advanced Persistent Threat (APT) – Cyberespionage Exploited Vulnerabilities: None (social engineering and DLL side-loading) Malware Used: GrapeLoader (initial-stage loader), WineLoader (modular backdoor) Threat Score: 🔥 Critical (9.2/10) due to campaign sophistication, high-value diplomatic targeting, and stealth evasion techniques Last Threat

Infostealer FormBook Exploits Phishing to Steal Credentials and Deploy Malware

Infostealer FormBook Exploits Phishing to Steal Credentials and Deploy Malware

Threat Group: Multiple Threat Actors (Malware as a Service) Threat Type: Infostealer / Downloader / Trojan Exploited Vulnerabilities: Primarily relies on social engineering and malicious attachments. Occasionally used to deliver secondary payloads that exploit known CVEs. Malware Used: FormBook (rebranded as XLoader) Threat Score: 🔴 High (8.0/10) due to extensive use

macOS Users Targeted by the New Variant of Banshee Infostealer

macOS Users Targeted by the New Variant of Banshee Infostealer

Threat Group: Unknown Threat Type: Information Stealer (Infostealer) Exploited Vulnerabilities: No specific vulnerabilities exploited; relies on social engineering and phishing tactics Malware Used: Banshee Stealer Threat Score: High (8.5/10) – Due to its advanced evasion techniques, targeting of macOS systems, and comprehensive data theft capabilities. Last Threat Observation: January