PupkinStealer Targets Windows Users to Steal Browser Login Credentials

A newly identified information-stealing malware dubbed PupkinStealer has emerged as a significant threat to Windows users, with its first sightings reported in April 2025.

Written in C# using the .NET framework, this malicious software is engineered to pilfer sensitive data, including browser credentials, messaging app sessions from platforms like Telegram and Discord, desktop documents, and full-screen screenshots.

What sets PupkinStealer apart is its cunning use of Telegram’s Bot API for data exfiltration, a method that leverages encrypted, trusted infrastructure to bypass traditional network filtering tools.

This approach makes it particularly challenging for security systems to detect and block the malware’s outbound communications.

New C# Malware Exploits Telegram

Distributed as an unsigned .NET executable, PupkinStealer relies on social engineering tactics such as phishing emails, fake downloads, or instant messaging lures to trick victims into manually executing the malicious file.

Once launched, it asynchronously executes a series of targeted functions ...