#infostealer
10 articles
Over the past month, ZCyberNews has tracked 13 articles on infostealer threats, with 11 rated high severity and one critical. The most frequently observed threat actors were Gremlin Stealer, LummaC2, and NWHStealer. These campaigns primarily targeted the technology, software development, cryptocurrency, financial services, and gaming sectors, with impacts noted globally and in Ukraine. The coverage spanned from April 10 to May 15, 2026, reflecting a concentrated period of infostealer activity across these industries and regions.
HIGH: Gremlin Stealer Evolves: Crypto Clipping, Session Hijacking, Packed
Unit 42 details a new Gremlin stealer variant using XOR-encrypted resource sections, crypto clipper, WebSocket session hijacking, and a commercial packer with instruction...
HIGH: Google Ads, Claude Chats Push MacSync Infostealer to macOS Users
Attackers abuse Google Ads linking to real claude.ai and shared Claude chats to deliver MacSync infostealer, harvesting browser credentials and Keychain data.
HIGH: Fake OpenAI Repo on Hugging Face Pushes Rust Infostealer
A typosquatted OpenAI repository reached #1 on Hugging Face with 244,000 downloads, delivering a Rust-based infostealer that targets browser credentials, crypto wallets, and VPN...
HIGH: NWHStealer Uses Bun JavaScript Runtime to Evade Detection
Attackers repurpose the Bun JavaScript runtime to distribute NWHStealer, a Rust-based infostealer targeting browsers, crypto wallets, and FTP apps via game lures and fake software.
HIGH: CISA, FBI Warn of LummaC2 Infostealer Targeting Orgs
CISA and FBI joint advisory details LummaC2 infostealer TTPs and IOCs: malware steals credentials, crypto wallets, and session data from compromised networks.
HIGH: Fake Google Antigravity Installer Steals Accounts via Trojanized AI Tool
Malwarebytes reports a trojanized installer for Google's Antigravity AI tool steals browser cookies and account credentials within minutes, targeting users seeking the leaked software.
HIGH: NGate Malware Uses AI to Evade Detection in Trojanized NFC Apps
NGate malware version 2.0, built with AI assistance, hides in a trojanized NFC payment app to steal SMS, contacts, and crypto wallet data from Android devices while evading security software.
HIGH: MiningDropper Framework Delivers Infostealers, RATs to Android Devices
MiningDropper, a multi-stage Android malware framework, delivers infostealers, RATs, and banking trojans to devices via disguised apps, according to CyberSecurity News researchers.
HIGH: Omnistealer Malware Harvests Passwords, Crypto Wallets via Blockchain C2
Omnistealer malware, detailed by Malwarebytes, steals credentials from 1Password, Bitwarden, NordPass, and Exodus crypto wallets, using the Solana blockchain for stealthy command-and-control communication.
HIGH: AgingFly Malware Targets Ukrainian Government and Hospitals
A new malware family dubbed 'AgingFly' is stealing authentication data from Chromium browsers and WhatsApp in targeted attacks against Ukrainian local government bodies and hospitals.