Gremlin Stealer: New Stealer on Sale in Underground Forum
Essential information
- Published
- 29/04/2025 16:27
- Modified
- 29/04/2025 21:22
- Tags
- 2025-04-29 browser c++ cryptocurrency data exfiltration ftp gremlin stealer infostealer telegram vpn
- Related entities
- 2 observables, 2 techniques (mitre), 1 malware
Description
A new information-stealing malware called Gremlin Stealer, written in C#, has been identified by researchers. Advertised on Telegram since March 2025, it targets a wide range of data including browser information, crypto wallets, FTP and VPN credentials. The malware exfiltrates stolen data to a web server for publication. It can bypass Chrome's cookie V20 protection and supports various Chromium and Gecko-based browsers. Gremlin Stealer also targets cryptocurrency wallets, Telegram and Discord sessions, and system information. The stolen data is compressed into a ZIP archive and sent to the attacker's server using a Telegram bot. This evolving threat highlights the need for robust cybersecurity measures to protect against such information stealers.