New Gremlin Stealer Advertised on Hacker Forums Targets Credit Card Data and Login Credentials

A formidable new information-stealing malware dubbed Gremlin Stealer has surfaced in the cybercrime underground, actively promoted since mid-March 2025 on platforms like the Telegram channel CoderSharp.

Discovered by Unit 42 researchers at Palo Alto Networks, this malware, crafted in C#, poses a significant risk to individuals and organizations by targeting a wide array of sensitive data, including credit card information, browser cookies, and login credentials.

Its ongoing development and aggressive advertisement by its authors signal a persistent and evolving threat within the digital ecosystem.

Sophisticated Data Exfiltration Techniques

Gremlin Stealer is engineered to pilfer data from multiple sources on compromised systems, employing advanced techniques to bypass security mechanisms such as Chrome’s cookie V20 protection.

The malware meticulously extracts data from popular browsers-both Chromium and Gecko-based-along with cryptocurrency wallets, FTP and VPN credentials, and session data from applications like Telegram and Discord.

It also harvests system ...