Information stealer
-
Arkanix Stealer MaaS advertised on forums targeted 22 browsers and crypto wallets
Kaspersky analysis found Arkanix Stealer marketed in October 2025 as malware-as-a-service. The campaign used Python and native loaders to harvest data from 22 browsers, gaming clients and crypto wallets before the panel was taken down.
-
Evelyn Stealer targets VS Code extensions to harvest developer credentials
Trend Micro published a technical analysis describing Evelyn Stealer, an information stealer distributed via malicious VS Code extensions. The malware harvests developer credentials and crypto wallets and uploads data to an FTP server.
-
Malicious Blender .blend files used to deliver StealC V2, researchers say
Researchers at Morphisec say a campaign has used malicious Blender .blend files uploaded to free 3D asset sites to execute embedded Python scripts and deliver the StealC V2 information stealer and a secondary Python stealer; the attack runs when Blender’s Auto Run option is enabled.
-
Confucius-linked phishing in Pakistan used WooperStealer and Anondoor, researchers say
Researchers say the Confucius hacking group targeted Pakistani users with phishing lures that delivered WooperStealer and, in later attacks, a Python backdoor called Anondoor; Fortinet and K7 Security Labs described the techniques and capabilities but did not disclose victim counts.
-
Vietnamese hackers use fake copyright notices to steal cryptocurrency, researchers say
A Vietnamese hacking group known as Lone None has launched a multi-language scam to steal personal and financial data, with a focus on cryptocurrency, using fake copyright takedown notices and malware delivered through DLL side-loading, according to Cofense Intelligence.
-
TamperedChef information stealer emerges in malvertising campaign promoting AppSuite PDF Editor
Cybersecurity researchers have identified a malvertising campaign delivering a backdoored PDF editor, AppSuite PDF Editor, that drops a new information stealer dubbed TamperedChef. The operation leverages Windows Registry persistence, a C2-enabled backdoor, and widespread Google ad campaigns to maximize downloads.