This video explores Gremlin Stealer, a recently identified info stealer malware marketed on underground forums and Telegram. The host conducts a technical analysis, examining its distribution methods, capabilities, and attempts to track its presence across various dark web and messaging channels.
Key points:
- The Gremlin Stealer is a new info stealer malware written in C, advertised since March 2025 on Telegram and dark web forums.
- It exfiltrates sensitive data such as credit card info, browser cookies, cryptocurrency wallets, and VPN credentials, uploading the data to a web server via a Telegram API.
- The malware is distributed mainly through Telegram channels like Codersharp, which also advertises its features and sale options, often with minimal transparency.
- Threat actors actively promote and share the malware and associated data among underground communities and Telegram chats, with some communication in Russian.
- The analysis includes examining malware samples, detection hashes on VirusTotal, and investigation of associated infrastructure, though many servers are offline now.
- The malware's code includes techniques to bypass modern Chrome cookie protections, and it typically reports data back via a Telegram bot.
- Open-source and proprietary tools like Flare are used by researchers to monitor, analyze, and track the distribution and activity of the Gremlin Stealer and its developers.
- YouTube Video: https://www.youtube.com/watch?v=t7vBdvfBG-Q
- YouTube Channel: https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw
- YouTube Published: Mon, 12 May 2025 13:01:39 +0000
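The Telegram-bot reporting channel described in the key points is also the part of this stealer that is easiest for defenders to spot in egress logs. The following detection logic is an added example, not code from the video or from the analyst; it assumes a simple space-separated proxy log format and uses a constructed placeholder bot token.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Telegram Bot API URL shape: https://api.telegram.org/bot<bot_id>:<secret>/<method>
BOT_PATH = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]{30,})/([A-Za-z]+)$")
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendMessage"}
# Assumed proxy log format: ts client http_method url "user-agent" bytes_out
LOG_LINE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)" (\d+)$')

# Constructed placeholder token (bot id + 35-char secret), not a real one
FAKE_TOKEN = "123456789:" + "A" * 35
# Constructed sample log lines for the example
PROXY_LOG = f"""\
2025-05-12T13:01:39Z 10.0.0.21 GET https://www.example.org/index.html "Mozilla/5.0" 512
2025-05-12T13:02:10Z 10.0.0.21 POST https://api.telegram.org/bot{FAKE_TOKEN}/sendDocument "Mozilla/4.0 (compatible; MSIE 6.0)" 48211
2025-05-12T13:02:11Z 10.0.0.22 POST https://api.telegram.org/bot{FAKE_TOKEN}/sendMessage "Mozilla/4.0 (compatible; MSIE 6.0)" 300
2025-05-12T13:03:00Z 10.0.0.23 GET https://web.telegram.org/k/ "Mozilla/5.0" 1024
"""

@dataclass
class Alert:
    client: str
    bot_id: str       # public half of the token; the secret is deliberately not kept
    api_method: str
    bytes_out: int

def detect_telegram_bot_exfil(log_text: str) -> list[Alert]:
    """Flag endpoints that POST to Telegram Bot API send* methods directly.
    Regular Telegram desktop/mobile clients use MTProto, not the HTTP Bot API,
    so a workstation uploading to api.telegram.org/bot<token>/sendDocument
    is a strong indicator of bot-based exfiltration."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # line does not match the assumed format; skip it
        _ts, client, http_method, url, _ua, size = m.groups()
        u = urlsplit(url)
        if u.hostname != "api.telegram.org" or http_method != "POST":
            continue
        pm = BOT_PATH.match(u.path)
        if not pm or pm.group(3) not in UPLOAD_METHODS:
            continue
        alerts.append(Alert(client, pm.group(1), pm.group(3), int(size)))
    return alerts

if __name__ == "__main__":
    for a in detect_telegram_bot_exfil(PROXY_LOG):
        print(f"{a.client} -> bot {a.bot_id} {a.api_method} ({a.bytes_out} bytes out)")
```

The bot id kept in each alert is enough to pivot across hosts and to request a takedown, while the secret half of the token never lands in the SIEM.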