Raven Stealer infostealer distributed via underground forums and cracked software

Malware Activity
Happening score
H score 21
1 unique source, 1 article

Summary

The Raven Stealer infostealer is now being distributed through underground forums and cracked software, creating a theft risk for Chromium-based browser credentials and application data. It targets Google Chrome, Microsoft Edge, Brave, and similar apps to collect cookies, autofill data, browsing history, and saved logins. The malware routes stolen data through Telegram for C2 and exfiltration, which can reduce visibility for defenders. It matters because the tool is built for stealth and can enable account compromise and follow-on abuse.

Related Happenings

Storm infostealer server-side decryption activity

Malware Activity
First: 02.04.2026 17:15 Last: 02.04.2026 17:15 Sources 1

About this happening: The **Storm** infostealer now steals **browser credentials**, **session cookies**, and **crypto wallets** and forwards them to attacker infrastructure for **server-side decryption...

CrystalRAT Telegram-promoted malware-as-a-service

Malware Activity
First: 02.04.2026 02:17 Last: 02.04.2026 02:17 Sources 1

About this happening: The **CrystalRAT** malware-as-a-service is being promoted on **Telegram** and **YouTube** with **remote access**, **data theft**, **keylogging**, and **clipboard hijacking**, incr...

Venom Stealer MaaS continuous credential theft and exfiltration

Malware Activity
First: 01.04.2026 16:30 Last: 01.04.2026 16:30 Sources 1

About this happening: The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...

Venom Stealer MaaS infostealer with persistent credential harvesting

Malware Activity
First: 31.03.2026 17:51 Last: 31.03.2026 17:51 Sources 1

About this happening: The **Venom Stealer** infostealer now ships as **malware-as-a-service (MaaS)**, expanding access to a persistent credential-theft tool and raising risk for **Windows** users. It s...

Torg Grabber browser-extension theft activity

Malware Activity
First: 25.03.2026 20:32 Last: 25.03.2026 20:32 Sources 1

About this happening: The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...

Timeline

  1. 17.09.2025 15:06 2 articles · 8mo ago

    Point Wild discloses Raven Stealer

    Initial Disclosure

    Point Wild's Lat61 Threat Intelligence disclosed Raven Stealer, a lightweight infostealer written primarily in Delphi and C++. It is spreading through underground forums and cracked software and targets Chromium-based browsers such as Google Chrome, Microsoft Edge, and Brave, along with other applications. The malware harvests cookies, autofill data, browsing history, saved passwords, session cookies, and system details, and uses a Telegram Chat ID and Bot Token for command-and-control and exfiltration. It decrypts browser data with the Edge browser Local State AES key, compresses stolen artifacts into a .ZIP archive, and attempts to remove traces by rebooting into Safe Mode with Networking and using UltraAV.

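A defender-side correlation of the behaviours in this timeline entry, as an added example that is not from Point Wild or the source article: it flags a non-browser process that reads Chromium credential stores and then resolves the Telegram Bot API host. The event schema, browser allowlist, 300-second window and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Assumed allowlist: browsers legitimately read their own profile stores.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}
# Chromium profile files that hold the data types the entry lists.
STORES = {"local state", "login data", "cookies", "web data", "history"}
TELEGRAM_HOSTS = {"api.telegram.org"}

UD = r"C:\Users\u\AppData\Local"
# Constructed telemetry (hypothetical schema): (ts_seconds, pid, image, kind, target)
EVENTS = [
    (100, 4120, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "file_read", UD + r"\Google\Chrome\User Data\Default\Login Data"),
    (110, 4120, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dns", "api.telegram.org"),
    (200, 5300, r"C:\Users\u\AppData\Roaming\Telegram Desktop\Telegram.exe",
     "dns", "api.telegram.org"),
    (300, 7788, r"C:\Users\u\Downloads\setup_crack.exe",
     "file_read", UD + r"\Microsoft\Edge\User Data\Local State"),
    (302, 7788, r"C:\Users\u\Downloads\setup_crack.exe",
     "file_read", UD + r"\Google\Chrome\User Data\Default\Login Data"),
    (310, 7788, r"C:\Users\u\Downloads\setup_crack.exe",
     "file_write", UD + r"\Temp\out.zip"),
    (315, 7788, r"C:\Users\u\Downloads\setup_crack.exe",
     "dns", "api.telegram.org"),
]

def score_processes(events, window=300):
    """Alert on store reads followed by a Telegram lookup from the same process."""
    state = defaultdict(lambda: {"stores": set(), "first": None, "zip": False, "tg": False})
    for ts, pid, image, kind, target in sorted(events):
        if basename(image).lower() in BROWSERS:
            continue  # browser touching its own profile is expected
        s, name = state[(pid, image)], basename(target).lower()
        if kind == "file_read" and name in STORES and "\\user data\\" in target.lower():
            s["stores"].add(name)
            s["first"] = ts if s["first"] is None else s["first"]
        elif kind == "file_write" and name.endswith(".zip"):
            s["zip"] = True  # archive staging strengthens the signal
        elif kind == "dns" and target.lower() in TELEGRAM_HOSTS:
            if s["first"] is not None and ts - s["first"] <= window:
                s["tg"] = True
    return [{"pid": pid, "image": image, "stores": sorted(s["stores"]),
             "zip_staged": s["zip"], "severity": "high" if s["zip"] else "medium"}
            for (pid, image), s in state.items() if s["stores"] and s["tg"]]

if __name__ == "__main__":
    for alert in score_processes(EVENTS):
        print(alert)
```

Telegram lookups alone are common on hosts with the desktop client installed, which is why the rule requires the preceding credential-store reads from the same process.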