Malicious Gremlin Infostealer Spreading Through Telegram Platform
In a recent report published by Palo Alto Networks' Unit 42, researchers have provided a technical analysis of a new strain of the Gremlin Stealer infostealer. This malware, first identified in mid-March 2025, has been causing concern among EMEA organizations due to its wide-ranging capabilities.
Gremlin Stealer, written in C#, runs on Windows and belongs to the information-stealer family. It collects a wide array of sensitive data, including clipboard contents, screenshots, local device metadata, credit card details, browser cookies, passwords and saved form data from various browsers, cryptocurrency wallet information, FTP service data, VPN credentials, Steam data, Discord tokens, and Telegram session data.
The malware group behind Gremlin Stealer claims to have uploaded large amounts of stolen data from victims' machines to a server at 207.244.199[.]46. The ZIP archive containing this stolen data is sent to the server through the URL hxxp[:]//207.244.199[.]46/index.php.
Despite being under active development, the current version of Gremlin Stealer is capable of stealing data from a wide range of software on a Windows computer. Interestingly, the build process of Gremlin Stealer does not download anything from the internet.
Data stolen by Gremlin Stealer is written to plain text files under LOCAL_APP_DATA and then compressed into a ZIP archive. These archives can be downloaded or deleted from the Gremlin Stealer website, which currently hosts 14 such ZIP archives of stolen data.
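As an added illustration (not code from the Unit 42 report or this article), the Python sketch below shows how a defender could flag the exfiltration traffic described above in proxy logs: it refangs the indicators quoted on the page, then checks POST requests against the exact exfiltration URL and, as a weaker hunt signal, the "ZIP body posted to index.php on a bare-IP host" pattern the report describes. The log layout, the content types and the sample lines are constructed for this example.

```python
import re
from typing import Iterable, Iterator, Optional, Tuple

# Indicator quoted (defanged) in the Unit 42 report; refanged below for matching.
EXFIL_URL_DEFANGED = "hxxp[:]//207.244.199[.]46/index.php"

def refang(ioc: str) -> str:
    """Convert a defanged indicator back into its matchable form."""
    return ioc.replace("hxxp", "http").replace("[:]", ":").replace("[.]", ".")

EXFIL_URL = refang(EXFIL_URL_DEFANGED)

# Assumed proxy-log layout (constructed for this example, not a real product format):
# <timestamp> <client_ip> <method> <url> <status> <request_bytes> <content_type>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<req_bytes>\d+) (?P<ctype>\S+)$"
)
BARE_IP_HOST = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")

def classify(line: str) -> Optional[str]:
    """Return a reason if the line looks like Gremlin Stealer exfiltration, else None."""
    m = LOG_RE.match(line.strip())
    if not m or m["method"] != "POST":
        return None
    url = m["url"]
    if url == EXFIL_URL:
        return "exact match: POST to Gremlin Stealer exfil URL"
    # Weaker behavioural signal: a ZIP body POSTed to /index.php on a bare-IP host.
    # Treat this as a hunt lead to triage, not as proof of infection.
    if (BARE_IP_HOST.match(url) and url.endswith("/index.php")
            and m["ctype"] in ("application/zip", "application/x-zip-compressed")):
        return "heuristic: ZIP upload to bare-IP /index.php"
    return None

def scan(lines: Iterable[str]) -> Iterator[Tuple[str, str, str]]:
    """Yield (client_ip, url, reason) for every line that classifies as suspicious."""
    for line in lines:
        reason = classify(line)
        if reason:
            m = LOG_RE.match(line.strip())
            yield m["client"], m["url"], reason

# Constructed sample log lines: one known-IOC hit, one heuristic hit, two benign.
SAMPLE_LOG = [
    "2025-03-20T10:01:02Z 10.0.0.15 POST http://207.244.199.46/index.php 200 48211 multipart/form-data",
    "2025-03-20T10:03:45Z 10.0.0.22 POST http://198.51.100.7/index.php 200 91002 application/zip",
    "2025-03-20T10:04:10Z 10.0.0.15 GET http://example.com/index.php 200 0 -",
    "2025-03-20T10:05:00Z 10.0.0.30 POST https://example.com/upload 200 1200 application/zip",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The exact-URL match is the high-confidence alert; the heuristic branch is meant to be fed into triage so analysts can spot a changed exfiltration server that keeps the same upload pattern.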
Gremlin Stealer is primarily advertised on a Telegram channel named CoderSharp. Despite extensive research, the author or group responsible for developing Gremlin Stealer is not explicitly named. However, one result mentions a 23-year-old Scottish man linked to the Scattered Spider hacking group in relation to Gremlin Stealer activities.
It's crucial for organizations to be vigilant and implement robust security measures to protect against such threats. The report serves as a reminder of the constantly evolving landscape of cyber threats and the need for continuous vigilance.