Search Results: Infostealer

Rhadamanthys Infostealer Stumbles: A Quiet Takedown Signals a New Phase in the War on Malware-as-a-Service

The Rhadamanthys infostealer operation—once a polished subscription-based crimeware business—has been abruptly disrupted, locking its own customers out of their stolen-data panels. All signs point to a stealthy law-enforcement move tied to Operation Endgame, and the message to malware operators is clear: your SaaS playbook is now their attack surface.

Malicious Google Ads Target macOS Developers with Fake Homebrew, LogMeIn Installers

A sophisticated campaign is using Google Ads to distribute fake Homebrew, LogMeIn, and TradingView sites that trick macOS developers into executing terminal commands that infect their systems with the AMOS and Odyssey infostealers. Researchers identified over 85 malicious domains employing 'ClickFix' techniques to bypass security protections. The malware harvests credentials, cryptocurrency wallets, and sensitive data while evading detection mechanisms.

Inside the PureRAT Attack Chain: How a Simple Infostealer Morphs into Full System Domination

Huntress Labs reveals a sophisticated attack chain where a seemingly standard Python infostealer evolves into a full-fledged PureRAT compromise, leveraging 10 stages of obfuscation, defense evasion, and modular payloads. This analysis uncovers the progression from phishing lures to commercial RAT deployment, highlighting the operational maturity of threat actors linked to PXA Stealer.

Stealerium Malware Automates Sextortion with Real-Time Webcam Spying

Proofpoint researchers have uncovered a disturbing evolution in the Stealerium infostealer malware: it now automatically captures webcam photos of victims browsing pornography, enabling automated sextortion. This open-source tool marks a new low in privacy invasions, targeting individuals with tailored blackmail while reflecting a shift in cybercrime toward discreet, high-impact attacks.

Steam Early Access Game Compromised to Distribute Info-Stealing Malware

Threat actor EncryptHub has injected HijackLoader and Fickle Stealer malware into the early access game 'Chemia' on Steam, exploiting platform trust to infect unsuspecting players. This marks the third such incident on Steam in 2025, highlighting systemic vulnerabilities in early access game vetting processes.

Lumma Infostealer Resurges: Malware-as-a-Service Evades Takedown, Expands Attack Vectors

The Lumma infostealer malware operation has rapidly rebuilt its infrastructure and infection capabilities just weeks after a major international law enforcement takedown disrupted its operations. Despite the seizure of 2,300 domains, Lumma's operators leveraged cloud infrastructure shifts and new social engineering tactics to regain prominence, highlighting the limitations of infrastructure-only disruption against determined cybercriminals.