Gremlin Stealer: New Stealer on Sale in Underground Forum

    Date: 04/30/2025

    Severity: Medium

    Summary

    Gremlin Stealer is a newly discovered information-stealing malware written in C# and actively promoted on a Telegram group since March 2025. Designed to target Windows systems, it exfiltrates sensitive data—including browser cookies, credit card information, clipboard contents, crypto wallets, FTP, and VPN credentials—and uploads it to a remote server. The malware scans for various applications on victims’ devices to maximize data theft. Its emergence adds to the growing threat landscape of stealers, highlighting the need for robust protection measures.

    Indicators of Compromise (IOC) List

    URL/Domain

    http://207.244.199.46/index.php

    Hash

    d1ea7576611623c6a4ad1990ffed562e8981a3aa209717065eddc5be37a76132

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    domainname like "http://207.244.199.46/index.php" or siteurl like "http://207.244.199.46/index.php" or url like "http://207.244.199.46/index.php"

    Detection Query 2

    sha256hash IN ("d1ea7576611623c6a4ad1990ffed562e8981a3aa209717065eddc5be37a76132")
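The two TDIR queries above can be checked offline against exported telemetry. The following is an added example, not Gurucul's or Unit 42's code: it applies the same two rules (a substring match on the URL-bearing fields and a set match on the SHA-256) to constructed JSON-lines events, normalising case so that an upper-case hash or scheme does not slip past. Field names follow the queries; the sample events are invented.

```python
import json

# IOCs exactly as listed in the advisory above.
GREMLIN_URL = "http://207.244.199.46/index.php"
GREMLIN_SHA256 = {"d1ea7576611623c6a4ad1990ffed562e8981a3aa209717065eddc5be37a76132"}

# The three fields Detection Query 1 compares with "like".
URL_FIELDS = ("domainname", "siteurl", "url")


def matches_url_ioc(event: dict) -> bool:
    """Detection Query 1: any URL-bearing field contains the C2 URL (case-insensitive)."""
    for field in URL_FIELDS:
        value = event.get(field)
        if isinstance(value, str) and GREMLIN_URL in value.lower():
            return True
    return False


def matches_hash_ioc(event: dict) -> bool:
    """Detection Query 2: the event's sha256hash is in the IOC set (case-insensitive)."""
    digest = event.get("sha256hash")
    return isinstance(digest, str) and digest.strip().lower() in GREMLIN_SHA256


def scan_events(lines):
    """Return (line_number, query_name) pairs for every event that fires a query."""
    hits = []
    for n, line in enumerate(lines, start=1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than aborting the sweep
        if matches_url_ioc(event):
            hits.append((n, "Detection Query 1"))
        if matches_hash_ioc(event):
            hits.append((n, "Detection Query 2"))
    return hits


# Constructed sample events (not real telemetry), one JSON object per line.
SAMPLE_LOG = """\
{"host": "ws01", "url": "https://example.com/login", "sha256hash": "0000"}
{"host": "ws02", "siteurl": "HTTP://207.244.199.46/index.php", "sha256hash": ""}
{"host": "ws03", "process": "updater.exe", "sha256hash": "D1EA7576611623C6A4AD1990FFED562E8981A3AA209717065EDDC5BE37A76132"}
not json at all
{"host": "ws04", "domainname": "207.244.199.46"}
""".splitlines()

if __name__ == "__main__":
    for line_no, query in scan_events(SAMPLE_LOG):
        print(f"line {line_no}: {query} fired")
```

Note that the last sample record, which carries only the bare host 207.244.199.46 in domainname, does not fire Query 1 as written, because the query's pattern is the full URL; a rule that also matches the host on its own closes that gap.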

    Reference:

    https://unit42.paloaltonetworks.com/new-malware-gremlin-stealer-for-sale-on-telegram/


    Tags

    Malware, Gremlin Stealer, Exfiltration, Data Stealer
