infostealer
-
WeedHack malware campaign infects more than 116,000 Minecraft systems
A malware campaign called WeedHack has infected more than 116,000 Minecraft systems since January, using fake mods and clients promoted through YouTube and search poisoning to steal credentials and other data.
-
Ukraine says it identified 18-year-old suspect in infostealer case tied to 28,000 accounts
Ukraine said it identified an 18-year-old suspect in Odesa in an infostealer case tied to 28,000 customer accounts, with 5,800 used for unauthorized purchases totaling about $721,000.
-
Leaked Shai-Hulud malware resurfaces in npm infostealer campaign
Four malicious npm packages infected with a Shai-Hulud clone were published over the weekend, stealing credentials, secrets and crypto wallet data. One package also added DDoS features, and the combined downloads reached 2,678.
-
Fake OpenAI privacy filter repository hit top of Hugging Face trending list
A malicious Hugging Face repository impersonating OpenAI’s Privacy Filter model reached the platform’s trending list before being disabled. HiddenLayer said it delivered Windows infostealer malware and drew about 244,000 downloads in 18 hours.
-
North Korea-linked campaign spreads across five open-source ecosystems
A North Korea-linked campaign has spread malicious packages across five open-source ecosystems, with a technical analysis saying more than 1,700 packages have been linked to the activity since January 2025.
-
VoidStealer uses debugger trick to extract Chrome master key, researchers say
VoidStealer, a malware-as-a-service offering, uses a debugger-based method that leverages hardware breakpoints to extract Chrome’s v20_master_key from memory, researchers at Gen Digital reported.
-
Speagle malware hijacks Cobra DocGuard to hide data exfiltration
A technical analysis reported a new infostealer named Speagle that hijacks Cobra DocGuard servers to hide data exfiltration. The 32-bit .NET malware targets only systems with Cobra DocGuard installed and remains unattributed.
-
Infostealer exfiltrates OpenClaw configuration, capturing tokens and keys
Researchers found an information stealer exfiltrated OpenClaw configuration files, including gateway tokens, device keys and the agent soul file. The analysis warns this enables remote access and may prompt specialized malware modules for AI agents.
-
Microsoft warns Python-based infostealers are targeting macOS via malvertising and fake installers
Microsoft warned in a technical analysis that Python-based infostealers have expanded to macOS since late 2025. Campaigns use malvertising, fake DMG installers, and fileless techniques to steal credentials and iCloud Keychain data.








