A new malware called “PupkinStealer” has emerged, targeting individuals and organizations by stealing sensitive data. It exfiltrates information via the Telegram Bot API to evade detection.
Affected: Individuals, Enterprises
Key points
- PupkinStealer is a C#-developed, 32-bit Windows executable designed to harvest browser credentials, personal files, messaging session data, and desktop screenshots.
- First observed in April 2025, it uses the Telegram Bot API to transmit stolen data to attacker-controlled servers, minimizing traceability.
- The malware targets Chromium-based browsers, decrypting stored credentials with AES-GCM, and extracts session data from messaging platforms such as Telegram and Discord.
- It captures desktop screenshots, copies targeted files, and compresses all collected data into ZIP archives with embedded metadata for exfiltration.
- PupkinStealer operates with a basic structure, relying on low-profile execution and legitimate services such as Telegram to avoid detection.
- Indicators of compromise include specific MD5 and SHA-256 hashes, exfiltration URLs, and Telegram bot details used for data transfer.
- Organizations should enhance endpoint security, network monitoring, and user awareness to defend against this emerging threat.
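The network-monitoring point above can be made concrete. The Telegram Bot API is reached at URLs of the form `https://api.telegram.org/bot<id>:<secret>/<method>`, so web-proxy logs can be scanned for Bot API calls, and in particular upload methods such as `sendDocument`, coming from processes that are not a messaging client. The script below is an added example for this article, not code from the original report or from the malware; the log line format, the process allowlist and the sample log entries are all constructed for the example. Findings keep only the numeric bot id, never the secret part of the token.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A Telegram Bot API request looks like https://api.telegram.org/bot<id>:<secret>/<method>.
# The "<id>:<secret>" part is the bot's credential, so findings keep only the numeric id.
TELEGRAM_BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)"
)

# Bot API methods that move content out of the network (files, text, images).
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}

# Hypothetical allowlist of process names from which Bot API traffic is expected.
EXPECTED_CLIENTS = {"telegram.exe"}


@dataclass
class Finding:
    timestamp: str
    host: str
    process: str
    bot_id: str
    method: str
    severity: str


def parse_line(line: str) -> Optional[dict]:
    """Split one proxy log line of the constructed format
    '<timestamp> <host> <process> <http-method> <url>'. Returns None if malformed."""
    parts = line.strip().split(maxsplit=4)
    if len(parts) != 5:
        return None
    return {"timestamp": parts[0], "host": parts[1], "process": parts[2],
            "http_method": parts[3], "url": parts[4]}


def classify(entry: dict) -> Optional[Finding]:
    """Return a Finding if the URL is a Telegram Bot API call from an unexpected process."""
    m = TELEGRAM_BOT_URL.search(entry["url"])
    if m is None or entry["process"].lower() in EXPECTED_CLIENTS:
        return None
    method = m.group("method")
    # A file or text upload from a non-messaging process is the exfiltration pattern;
    # any other Bot API call from such a process is still worth a look.
    severity = "high" if method in EXFIL_METHODS else "medium"
    return Finding(entry["timestamp"], entry["host"], entry["process"],
                   m.group("bot_id"), method, severity)


def scan(log_text: str) -> List[Finding]:
    """Run every line of a proxy log through the detector and collect findings."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        finding = classify(entry)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample proxy log (hosts, process names and tokens are all made up).
SAMPLE_LOG = """\
2025-04-14T09:12:03Z WS-017 chrome.exe GET https://www.example.com/
2025-04-14T09:12:41Z WS-017 updater.exe POST https://api.telegram.org/bot123456789:AAExampleSecretTokenXYZ/sendDocument
2025-04-14T09:13:02Z WS-022 telegram.exe GET https://api.telegram.org/bot987654321:AAAnotherExampleToken/getUpdates
2025-04-14T09:13:55Z WS-031 winupd.exe POST https://api.telegram.org/bot555555555:AAThirdExampleToken/sendMessage
2025-04-14T09:14:20Z WS-031 winupd.exe GET https://api.telegram.org/bot555555555:AAThirdExampleToken/getMe
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity}] {f.timestamp} {f.host} {f.process} -> bot {f.bot_id} {f.method}")
```

In a real deployment the allowlist would be driven by the organization's sanctioned software inventory, and a high-severity finding would be enriched with the process image path and the size of the POST body, since the article describes the stolen data being bundled into a ZIP archive before upload.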
Read More: https://gbhackers.com/pupkinstealer-net-malware-steals-browser-data/