
Gremlin Stealer: New Stealer on Sale in Underground Forum

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A new information-stealing malware called Gremlin Stealer, written in C#, has been identified by researchers. Advertised on Telegram since March 2025, it targets a wide range of data including browser information, crypto wallets, FTP and VPN credentials. The malware exfiltrates stolen data to a web server for publication. It can bypass Chrome's cookie V20 protection and supports various Chromium and Gecko-based browsers. Gremlin Stealer also targets cryptocurrency wallets, Telegram and Discord sessions, and system information. The stolen data is compressed into a ZIP archive and sent to the attacker's server using a Telegram bot. This evolving threat highlights the need for robust cybersecurity measures to protect against such information stealers.

OPENCTI LABELS:

vpn, data exfiltration, infostealer, telegram, cryptocurrency, browser, ftp, c#, gremlin stealer


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown in the login page banner.

