Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Gremlin Stealer Malware Sold on Telegram

April 30, 2025
Reading Time: 2 mins read
in Alerts
Apple AirPlay Bugs Expose Devices to Attacks

Gremlin Stealer, a new infostealer variant, has emerged, gaining attention for its advanced capabilities. According to Palo Alto Networks’ Unit 42, the malware is primarily promoted through a Telegram channel called CoderSharp. Although still under development, it is already capable of stealing data from various software on Windows devices, including browsers, clipboard data, and local disks. The malware’s capabilities allow it to target a broad range of sensitive information, making it a serious security threat.

The malware is written in C# and exfiltrates data to a web server for publication. Gremlin Stealer is designed to bypass protections like Chrome’s cookie V20 and does not rely on downloading additional content from the internet. It collects data such as clipboard content, screenshots, device metadata (like IP address and system specs), and various credentials from browsers, crypto wallets, FTP services, and VPNs. This extensive data collection gives the malware the ability to steal a wide range of personal and sensitive information.

Once the data is collected, Gremlin Stealer stores it in plain text files in a folder under LOCAL_APP_DATA. The files are then compressed into a ZIP archive and transmitted to a server through a hard-coded Telegram API key. The server, hosted at 207.244.199[.]46, facilitates the uploading of stolen data. The data is accessible via a web portal that hosts ZIP archives containing the stolen files. Victims’ data can be deleted or downloaded by those behind the malware.

Researchers note that the malware’s growing reach is alarming, as its use of Telegram for data exfiltration provides a reliable communication channel for the attackers. With the ability to steal diverse types of sensitive information, Gremlin Stealer poses significant risks to individuals and organizations. The ongoing development of the malware suggests that it could evolve into an even more dangerous threat if not swiftly addressed.

Reference:
  • Gremlin Stealer Malware Advertised on Telegram Steals Sensitive Data from Victims
Tags: April 2025Cyber AlertsCyber Alerts 2025CyberattackCybersecurity
ADVERTISEMENT

Related Posts

Forminator Plugin Flaw Risks 600,000 Sites

Forminator Plugin Flaw Risks 600,000 Sites

July 2, 2025
Forminator Plugin Flaw Risks 600,000 Sites

Oil-Themed Phishing Spreads Snake Keylogger

July 2, 2025
Forminator Plugin Flaw Risks 600,000 Sites

Kimsuky Tricks Users Into Self Hacking

July 2, 2025
C4 Bomb Cracks Chrome Cookie Encryption

Scammers Use Fake Ads to Steal Pi Wallets

July 1, 2025
C4 Bomb Cracks Chrome Cookie Encryption

Blind Eagle Uses VBS Scripts to Deploy RATs

July 1, 2025
C4 Bomb Cracks Chrome Cookie Encryption

C4 Bomb Cracks Chrome Cookie Encryption

July 1, 2025

Latest Alerts

Oil-Themed Phishing Spreads Snake Keylogger

Forminator Plugin Flaw Risks 600,000 Sites

Kimsuky Tricks Users Into Self Hacking

Scammers Use Fake Ads to Steal Pi Wallets

Blind Eagle Uses VBS Scripts to Deploy RATs

C4 Bomb Cracks Chrome Cookie Encryption

Subscribe to our newsletter

    Latest Incidents

    Cyberattack on Brazils CM Software Vendor

    Cyberattack Halts Hero España Production

    Hacker Attack on Australian Airline Qantas

    Cyberattack Hits Austrian Hospital Vendor

    Sophisticated Attack Hits War Crimes Court

    Ransomware Hits Swiss Government Vendor

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial