
RAVEN STEALER UNMASKED: Telegram-Based Data Exfiltration

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Raven Stealer is a modern information-stealing malware written in Delphi and C++, designed to extract sensitive data from victim machines. It targets Chromium-based browsers, extracting passwords, cookies, payment details, and autofill data. The malware uses a modular architecture and a built-in resource editor that lets operators embed configuration details directly into the compiled payload. Raven Stealer is packed with UPX, which reduces its size and improves evasion against static detection. It runs hidden, leaving no visible traces during execution. The malware is actively distributed through GitHub repositories and promoted via a Telegram channel that serves as both a development log and a distribution platform. Raven Stealer's use of Telegram for C2-like behavior, combined with a clean user interface and dynamic module support, positions it as a commercially attractive tool within the commodity malware ecosystem.

OPENCTI LABELS:

data exfiltration, credential theft, information-stealing, octalyn stealer, raven stealer, upx packing



