Threat actors could carry out data theft with the novel Gremlin Stealer malware, which has been advertised on the CoderSharp Telegram channel since mid-March, Infosecurity Magazine reports.
According to an analysis from Palo Alto Networks Unit 42, the actively developed Gremlin Stealer harvests clipboard contents and screenshots, local device metadata, data stored by Chromium- and Gecko-based browsers, cryptocurrency wallet details, Steam data, File Transfer Protocol service details, Telegram session data, and VPN credentials, all of which are later exfiltrated through a Telegram bot; it also bypasses Chrome's cookie V20 protections.
The operators of the C#-based information-stealing malware also claim to use a hard-coded Telegram API key to upload large volumes of stolen data to a server at 207.244.199[.]46. The Gremlin Stealer website already hosts more than a dozen ZIP archives of exfiltrated information, which users can either download or delete, Unit 42 researchers said.
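Two of the details above are directly usable for detection: exfiltration rides the Telegram Bot API, and the bot token is hard-coded in the sample. The script below is an added example written for this summary; it is not code from SC Media, Infosecurity Magazine or Unit 42. It flags egress records to `api.telegram.org` or to the reported upload server, and scans a strings dump for Telegram bot tokens, reporting them masked. Assumptions not taken from the article: the egress log format is a constructed one (`<timestamp> <src> <dst>:<port> <host>`), the sample log lines and strings blob are constructed, and the bot token shape used by the regex (`<numeric bot id>:<35-character secret>`) is the commonly documented one.

```python
"""Triage helpers for the Telegram-bot exfiltration pattern described above.

Added example, not vendor or publisher code. The log format, the sample data
and the assumed token shape are all constructed for illustration.
"""
import re

# IoC taken from the article (written there as 207.244.199[.]46), refanged for matching.
GREMLIN_UPLOAD_IP = "207.244.199.46"
TELEGRAM_API_HOST = "api.telegram.org"

# Assumed token shape: numeric bot id, colon, 35-char secret. The lookarounds
# keep the pattern from matching inside a longer alphanumeric run.
BOT_TOKEN_RE = re.compile(rb"(?<!\d)\d{8,10}:[A-Za-z0-9_-]{35}(?![A-Za-z0-9_-])")

# Constructed egress log format: "<ISO timestamp> <src ip> <dst ip>:<port> <sni or host>"
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+(?P<host>\S+)$"
)


def parse_egress_line(line):
    """Return a dict for one egress log line, or None if it does not parse."""
    m = LOG_LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def classify_connection(rec):
    """List the reasons an egress record matches the reported behaviour."""
    reasons = []
    if rec["dst"] == GREMLIN_UPLOAD_IP:
        reasons.append("destination is the reported Gremlin Stealer upload server")
    if rec["host"].lower() == TELEGRAM_API_HOST:
        reasons.append("Telegram Bot API egress from a workstation")
    return reasons


def find_bot_tokens(blob):
    """Return Telegram bot tokens found in a strings dump, masked for safe logging."""
    found = []
    for m in BOT_TOKEN_RE.finditer(blob):
        bot_id, secret = m.group(0).decode().split(":", 1)
        found.append(f"{bot_id}:{secret[:4]}...{secret[-2:]}")
    return found


def triage(log_lines, strings_blob):
    """Combine both checks into one findings dict."""
    alerts = []
    for line in log_lines:
        rec = parse_egress_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the sweep
        reasons = classify_connection(rec)
        if reasons:
            alerts.append((rec["src"], rec["dst"], rec["host"], reasons))
    return {"egress_alerts": alerts, "bot_tokens": find_bot_tokens(strings_blob)}


# Constructed sample data. 203.0.113.10 and 198.51.100.7 are documentation addresses.
SAMPLE_LOG = [
    "2025-04-30T10:02:11Z 10.0.5.23 203.0.113.10:443 api.telegram.org",
    "2025-04-30T10:02:15Z 10.0.5.23 207.244.199.46:80 207.244.199.46",
    "2025-04-30T10:03:40Z 10.0.5.23 198.51.100.7:443 example.com",
    "this line is not a log record",
]
SAMPLE_STRINGS = (
    b"build 20250401:stable\x00"
    b"https://api.telegram.org/bot123456789:AAHabcdefghijklmnopqrstuvwxyz123456/sendDocument\x00"
    b"sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\x00"
)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG, SAMPLE_STRINGS)
    for src, dst, host, reasons in result["egress_alerts"]:
        print(f"ALERT {src} -> {dst} ({host}): {'; '.join(reasons)}")
    for tok in result["bot_tokens"]:
        print(f"hard-coded bot token (masked): {tok}")
```

On a real fleet the `api.telegram.org` rule is only a signal, not a verdict, since Telegram Desktop also talks to Telegram infrastructure; the value of the check is in pairing it with the process that opened the connection and with the presence of a bot-style token in the binary. Masking the token before it reaches a ticket or SIEM avoids copying a live credential into yet another place.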