
Russian Unit 26165 Targets Western Logistics and Technology Companies

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Chihuahua Infostealer is a sophisticated .NET-based malware discovered in April 2025, targeting browser credentials and cryptocurrency wallet data. It employs multi-stage delivery through obfuscated PowerShell scripts, often using trusted platforms like Google Drive for initial distribution. The malware establishes persistence via scheduled tasks, performs hardware fingerprinting, and extensively harvests data from various browsers and crypto wallet extensions. It uses encryption for data exfiltration and employs cleanup routines to evade detection. The malware's origin is unclear, but Russian influences are suggested by embedded transliterated rap lyrics. Its advanced evasion techniques and targeted data theft capabilities make it a significant threat to personal and financial information.

OPENCTI LABELS:

powershell, infostealer, obfuscation, persistence, data-exfiltration, crypto-wallet-theft, chihuahua infostealer, browser-data-theft, .net-malware



