216.73.217.126

Russian Unit 26165 Targets Western Logistics and Technology Companies

· Published 27/05/2025 23:59 · Modified 28/05/2025 13:16

Export JSON

Essential information

Published
27/05/2025 23:59
Modified
28/05/2025 13:16
Tags
.net-malware 2025-05-27 browser data theft chihuahua infostealer crypto-wallet-theft data exfiltration infostealer obfuscation persistence powershell
Related entities
10 observables, 12 techniques (mitre), 1 malware, 2 others

Description

is a sophisticated .NET-based malware discovered in April 2025, targeting browser credentials and cryptocurrency wallet data. It employs multi-stage delivery through obfuscated scripts, often using trusted platforms like Google Drive for initial distribution. The malware establishes via scheduled tasks, performs hardware fingerprinting, and extensively harvests data from various browsers and crypto wallet extensions. It uses encryption for and employs cleanup routines to evade detection. The malware's origin is unclear, but Russian influences are suggested by embedded transliterated rap lyrics. Its advanced evasion techniques and targeted data theft capabilities make it a significant threat to personal and financial information.

External references