Latest Infostealer news

A new loader called DeepLoad steals credentials from the moment of infection and reinfected a cleaned host three days after remediation through hidden WMI persistence. ReliaQuest says the obfuscation layer was likely AI-generated.

Three days after LiteLLM, TeamPCP hit the Telnyx Python SDK on PyPI. Malicious versions 4.87.1 and 4.87.2 hid a credential stealer inside WAV audio files. The RSA-4096 key is byte-for-byte identical to the LiteLLM payload.

Seven Steam games secretly installed malware that drained crypto wallets and harvested credentials. The FBI named all seven titles and is seeking victims. One game alone stole $150,000 from hundreds of players.

A fake CleanMyMac website tricks macOS users into running a Terminal command that installs SHub Stealer — an infostealer targeting 14 browsers and 102 crypto extensions. Worse, it silently backdoors Exodus, Ledger, Atomic, and Trezor wallets to harvest seed phrases …