“PupkinStealer” – .NET Malware Steals Browser Data and Exfiltrates via Telegram

A new information-stealing malware dubbed “PupkinStealer” has emerged as a significant threat to individuals and enterprises.

Developed in C# using the .NET framework, this 32-bit GUI-based Windows executable targets sensitive user data with a focused and efficient approach.

First observed in April 2025, PupkinStealer is designed to harvest a specific range of data, including browser credentials, personal files from desktops, session information from messaging platforms like Telegram and Discord, and desktop screenshots.

What makes this malware particularly insidious is its method of exfiltration, leveraging the Telegram Bot API to transmit stolen data to attacker-controlled servers with minimal traceability.

A New Threat in the Cyber Landscape

PupkinStealer, with a file size of 6.21 MB and identified by the MD5 hash fc99a7ef8d7a2028ce73bf42d3a95bce, operates by initiating multiple asynchronous tasks upon execution.

Its Main() method, managed by the .NET Common Language Runtime (CLR), orchestrates data theft through distinct ...