The GIFTEDCROOK malware has evolved from a basic browser data stealer to a sophisticated tool for intelligence gathering targeting Ukrainian authorities. Arctic Wolf Labs highlights its recent campaigns focused on exfiltrating sensitive documents through targeted phishing attacks. #GIFTEDCROOK #UkrainianGovernment #CyberEspionage
Key points
- GIFTEDCROOK malware was first detected in April 2025 targeting Ukrainian military and government entities.
- The malware has been upgraded to harvest a wide range of documents, including proprietary files and VPN configurations.
- Phishing campaigns utilize military-themed PDFs and macro-enabled Excel files to deploy the malware.
- Stolen data is compressed into ZIP files and exfiltrated via Telegram channels, avoiding detection.
- The malware's evolution indicates a focus on geopolitical intelligence collection aligned with regional tensions.
Read More: https://thehackernews.com/2025/06/giftedcrook-malware-evolves-from.html