
Raven Stealer Infostealer Targets Chromium Browsers and Applications

📰 1 unique source, 1 article

Summary


Raven Stealer is a new infostealer that targets Chromium-based browsers and other applications to steal credentials and data. It is developed in Delphi and C++, distributed via underground forums and cracked software, and promoted through a dedicated Telegram channel, where it is offered with a streamlined user interface and support for dynamic modules.

The malware harvests cookies, autofill entries, browsing history, and other sensitive information from browsers such as Google Chrome and Microsoft Edge. It targets browser-based authentication data, including saved passwords and session cookies, and accesses local storage paths and credential vaults to extract it. It also steals credentials from various other applications. Upon execution, it aggregates the harvested data into a well-organized format and transmits it to the threat actor in real time.

Telegram serves as both the command-and-control channel and the exfiltration channel: stolen data is sent through encrypted messaging channels, which makes the activity difficult to detect. After exfiltration, Raven Stealer reboots into Safe Mode with Networking and uses UltraAV antivirus to delete malicious files, eliminating any trace of its activity. Raven Stealer represents a persistent threat to both personal and enterprise environments.

Timeline

  1. 17.09.2025 15:06 📰 1 article · ⏱ 6h ago

    Raven Stealer Infostealer Targets Chromium Browsers and Applications

    A new infostealer malware, Raven Stealer, targets Chromium-based browsers and other applications to steal credentials and data. Developed in Delphi and C++, Raven Stealer is distributed via underground forums and cracked software. It uses Telegram for command-and-control and data exfiltration, making it difficult to detect. The malware harvests cookies, autofill entries, browsing history, and other sensitive information from browsers like Google Chrome and Microsoft Edge. It also steals credentials from various applications and performs real-time data exfiltration. Raven Stealer aggregates harvested data into a well-organized format and transmits it to the threat actor. The malware targets browser-based authentication data, including saved passwords and session cookies, and accesses local storage paths and credential vaults to extract this data. After exfiltration, Raven Stealer reboots into Safe Mode with Networking and uses UltraAV antivirus to delete malicious files, eliminating any trace of its activity.


Information Snippets

  • Raven Stealer is a lightweight infostealer malware developed in Delphi and C++.

    First reported: 17.09.2025 15:06
    📰 1 source, 1 article
  • The malware is distributed via underground forums and cracked software.

    First reported: 17.09.2025 15:06
    📰 1 source, 1 article
  • Raven Stealer targets Chromium-based browsers and other applications to steal credentials and data.

    First reported: 17.09.2025 15:06
    📰 1 source, 1 article
  • The malware uses Telegram for command-and-control and data exfiltration.

    First reported: 17.09.2025 15:06
    📰 1 source, 1 article
  • Raven Stealer harvests cookies, autofill entries, browsing history, and other sensitive information.

    First reported: 17.09.2025 15:06
    📰 1 source, 1 article
  • The malware aggregates harvested data into a well-organized format and transmits it to the threat actor.

    First reported: 17.09.2025 15:06
    📰 1 source, 1 article
  • Raven Stealer targets browser-based authentication data, including saved passwords and session cookies.

    First reported: 17.09.2025 15:06
    📰 1 source, 1 article
  • The malware uses Telegram for exfiltration, sending stolen data through encrypted messaging channels.

    First reported: 17.09.2025 15:06
    📰 1 source, 1 article
  • After exfiltration, Raven Stealer reboots into Safe Mode with Networking and uses UltraAV antivirus to delete malicious files.

    First reported: 17.09.2025 15:06
    📰 1 source, 1 article
  • Raven Stealer represents a persistent threat to both personal and enterprise environments.

    First reported: 17.09.2025 15:06
    📰 1 source, 1 article