PupkinStealer .NET Infostealer Using Telegram for Data Theft
Essential information
- Published
- 22/05/2025 13:09
- Modified
- 22/05/2025 14:59
- Tags
- 2025-05-22 credential-theft infostealer pupkinstealer session hijacking
- Related entities
- 1 observable, 10 techniques (MITRE), 1 malware
Description
PupkinStealer is a newly identified .NET-based information-stealing malware that extracts sensitive data such as web browser passwords and application session tokens and exfiltrates it via Telegram. It targets Chromium-based browsers, Telegram, and Discord, focusing on credential theft and session hijacking. The malware performs minimal system discovery, collects files from the desktop, and captures a screenshot. It packages the stolen data into a ZIP archive and sends it to the attacker through Telegram's Bot API. PupkinStealer does not employ any persistence mechanism; it relies on quick execution and low-profile behavior. Its primary evasion technique is using legitimate Telegram infrastructure for its communication, so the exfiltration traffic blends in with ordinary HTTPS connections to api.telegram.org.
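Because the exfiltration path described above is the Telegram Bot API (an HTTPS POST to api.telegram.org with a /bot<token>/sendDocument path), it is visible in web-proxy or TLS-inspection logs. The following is an added detection example, not code from the report or from the malware; the log format and the log lines are constructed for illustration, and the bot token in them is a placeholder.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy log lines (not taken from the report):
# "<timestamp> <client_ip> <http_method> <url> <status> <bytes_sent>"
SAMPLE_LOG = """\
2025-05-22T13:10:01Z 10.0.0.15 POST https://api.telegram.org/bot123456789:PLACEHOLDERTOKEN/sendDocument 200 184320
2025-05-22T13:10:02Z 10.0.0.15 POST https://api.telegram.org/bot123456789:PLACEHOLDERTOKEN/sendMessage 200 412
2025-05-22T13:11:07Z 10.0.0.22 GET https://web.telegram.org/a/ 200 9812
2025-05-22T13:12:30Z 10.0.0.31 GET https://example.com/index.html 200 2048
"""

# Bot API paths look like /bot<token>/<method>; the token is a secret and is redacted below.
BOT_API_RE = re.compile(r"^/bot(?P<token>[^/]+)/(?P<method>[A-Za-z]+)$")
# sendDocument carries the ZIP archive; sendMessage is the typical accompanying text.
EXFIL_METHODS = {"sendDocument", "sendMessage"}


def parse_line(line):
    """Split one constructed proxy log line into a record."""
    ts, client, http_method, url, status, size = line.split()
    return {"ts": ts, "client": client, "http_method": http_method,
            "url": url, "status": int(status), "bytes": int(size)}


def flag_bot_api_exfil(log_text, min_document_bytes=0):
    """Return one finding per request that uses a Bot API send method.

    min_document_bytes lets an analyst ignore tiny sendDocument uploads so that
    only archive-sized transfers are reported; sendMessage is always reported.
    """
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        parts = urlsplit(rec["url"])
        if parts.hostname != "api.telegram.org":
            continue
        m = BOT_API_RE.match(parts.path)
        if not m or m.group("method") not in EXFIL_METHODS:
            continue
        if m.group("method") == "sendDocument" and rec["bytes"] < min_document_bytes:
            continue
        findings.append({
            "ts": rec["ts"], "client": rec["client"],
            "api_method": m.group("method"), "bytes": rec["bytes"],
            # keep only the numeric bot id so findings can be correlated without logging the secret
            "bot_id": m.group("token").split(":")[0],
        })
    return findings
```

A hit is an indicator rather than proof: legitimate automation also uses the Bot API, so correlate the client with the process that opened the connection and with the expected size of the upload.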