
PupkinStealer .NET Infostealer Using Telegram for Data Theft

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

PupkinStealer is a newly identified .NET-based information stealer that extracts sensitive data such as web browser passwords and application session tokens and exfiltrates it via Telegram. It targets Chromium-based browsers, Telegram, and Discord, with a focus on credential theft and session hijacking. The malware performs minimal system discovery, collects files from the desktop, and captures a screenshot. It then packages the stolen data into a ZIP archive and sends it to the attacker through Telegram's Bot API. PupkinStealer employs no persistence mechanism, relying instead on quick execution and low-profile behavior. Its primary evasion technique is its use of legitimate Telegram infrastructure for communication.
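Because the exfiltration channel is the legitimate Telegram Bot API, one practical hunt is to look for Bot API calls made by processes that have no business talking to it. The following is an added example, not part of the original report: the log format, process names, allowlist and size threshold are assumptions, the log lines are constructed, and the report does not state which Bot API method the malware calls.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy/EDR network log lines (not taken from the report).
# Assumed format: timestamp host process method url bytes_out
SAMPLE_LOG = """\
2025-01-01T10:00:01Z WS-014 chrome.exe GET https://web.telegram.org/a/ 812
2025-01-01T10:00:07Z WS-014 invoice_viewer.exe POST https://api.telegram.org/bot1234567890:EXAMPLE_TOKEN_constructed-000000000/sendDocument 4821931
2025-01-01T10:02:30Z SRV-MON alertbot.exe POST https://api.telegram.org/bot1111111111:EXAMPLE_TOKEN_constructed-111111111/sendMessage 402
2025-01-01T10:03:11Z WS-022 updater.exe GET https://api.telegram.org.example.net/bot1:x/getMe 120
"""

# Bot API URLs have the shape /bot<numeric id>:<secret>/<method>
BOT_PATH = re.compile(r"^/bot(\d+):[A-Za-z0-9_-]+/(\w+)$")
# Assumption: processes sanctioned to call the Bot API in this environment.
ALLOWED_PROCESSES = {"alertbot.exe"}
# Assumed threshold separating short chat messages from file uploads.
UPLOAD_BYTES = 100_000

def find_bot_api_exfil(log_text, allowed=ALLOWED_PROCESSES):
    """Return Bot API requests made by processes outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # skip malformed lines
        ts, host, proc, method, url, size = parts
        u = urlsplit(url)
        # Exact hostname match so look-alike domains are not counted as Telegram.
        if (u.hostname or "").lower() != "api.telegram.org":
            continue
        m = BOT_PATH.match(u.path)
        if not m or proc.lower() in allowed:
            continue
        big_post = method == "POST" and int(size) >= UPLOAD_BYTES
        findings.append({
            "time": ts, "host": host, "process": proc,
            "bot_id": m.group(1),       # numeric id only; the secret part is dropped
            "api_method": m.group(2),
            "severity": "high" if big_post else "medium",
        })
    return findings

if __name__ == "__main__":
    for finding in find_bot_api_exfil(SAMPLE_LOG):
        print(finding)
```

The numeric bot id is kept because it is a stable pivot across hosts, while the secret half of the token is never written to the findings.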

OPENCTI LABELS :

infostealer,credential theft,session hijacking,pupkinstealer

