StealC infostealer delivered via FileFix phishing
Malware Activity
Summary
Hide ▲
Show ▼
A FileFix phishing operation is now delivering StealC infostealer, increasing the risk of credential theft and broader data exposure on infected Windows devices. The infection chain uses a disguised PowerShell command, hidden payloads, and in-memory decryption to evade detection. The malware can steal browser, messaging, wallet, cloud, VPN, and gaming data, and it can also capture screenshots.
Related Happenings
Vidar infostealer market rise and distribution expansion
Malware Activity
H score30
First: 28.04.2026 22:07
Last: 28.04.2026 22:07
Sources 1
About this happening:
**Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...
Vidar infostealer market rise and distribution expansion
Malware ActivityAbout this happening: **Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...
Atomic Stealer (AMOS) macOS ClickFix Script Editor activity
Malware Activity
H score30
First: 09.04.2026 14:20
Last: 09.04.2026 14:20
Sources 1
About this happening:
A **macOS** malware campaign has shifted its **ClickFix** execution flow to **Script Editor**, helping **Atomic Stealer (AMOS)** avoid the usual **Terminal** warning path. The cha...
Atomic Stealer (AMOS) macOS ClickFix Script Editor activity
Malware ActivityAbout this happening: A **macOS** malware campaign has shifted its **ClickFix** execution flow to **Script Editor**, helping **Atomic Stealer (AMOS)** avoid the usual **Terminal** warning path. The cha...
Venom Stealer MaaS continuous credential theft and exfiltration
Malware Activity
H score29
First: 01.04.2026 16:30
Last: 01.04.2026 16:30
Sources 1
About this happening:
The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...
Venom Stealer MaaS continuous credential theft and exfiltration
Malware ActivityAbout this happening: The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...
Torg Grabber browser-extension theft activity
Malware Activity
H score36
First: 25.03.2026 20:32
Last: 25.03.2026 20:32
Sources 1
About this happening:
The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...
Torg Grabber browser-extension theft activity
Malware ActivityAbout this happening: The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...
Vidar Stealer 2.0 fake game-cheat distribution
Malware Activity
H score29
First: 18.03.2026 13:15
Last: 18.03.2026 13:15
Sources 1
About this happening:
The **Vidar Stealer 2.0** malware is being spread through **fake game-cheat repositories** and **Reddit lures**, putting players seeking cheats for major online games at risk of *...
Vidar Stealer 2.0 fake game-cheat distribution
Malware ActivityAbout this happening: The **Vidar Stealer 2.0** malware is being spread through **fake game-cheat repositories** and **Reddit lures**, putting players seeking cheats for major online games at risk of *...
Timeline
-
16.09.2025 15:00 2 articles · 9mo ago
Acronis reports FileFix campaign delivering StealC
Initial DisclosureAcronis reports a new FileFix social-engineering campaign that impersonates Meta account suspension warnings, uses a multi-language phishing page to push a disguised PowerShell command through File Explorer, and delivers StealC infostealer via a JPG hosted on Bitbucket that hides a second-stage PowerShell script and encrypted executables.
Show sources
- New FileFix attack uses steganography to drop StealC malware — www.bleepingcomputer.com — 16.09.2025 15:00
- New FileFix attack uses steganography to drop StealC malware — www.bleepingcomputer.com — 16.09.2025 15:00