Find notable cyber news and cases, enriched with sources, timelines, and signals.

Venom Stealer MaaS infostealer with persistent credential harvesting

Malware Activity
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

The Venom Stealer infostealer now ships as malware-as-a-service (MaaS), expanding access to a persistent credential-theft tool and raising risk for Windows users. It steals browser passwords, session cookies, autofill data, and cryptocurrency wallet vaults. March 2026 updates added a silent background listener that keeps checking for newly saved passwords and wallet activity. The kit also uses ClickFix social engineering lures and automated exfiltration and cracking steps to speed theft and fund sweeping.

Related Happenings

Rust-based clipboard hijacker that swaps wallet addresses

Malware Activity
H score10 First: 17.06.2026 21:14 Last: 17.06.2026 21:14 Sources 1

About this happening: The **Rust-based clipper** is a **Windows and macOS** malware activity that **replaces copied cryptocurrency wallet addresses** with attacker-controlled destinations. It continuou...

OnyxC2 stealer remote-access and credential-theft activity

Malware Activity
H score23 First: 11.06.2026 16:00 Last: 11.06.2026 16:00 Sources 1

About this happening: The **OnyxC2 stealer** has expanded into **remote-access and persistence-enabled credential theft**, giving buyers a way to harvest browser, extension, wallet, and business-app da...

Microsoft Edge stops loading saved passwords into cleartext memory at startup

Security Tool/Service
H score10 First: 15.05.2026 17:49 Last: 15.05.2026 17:49 Sources 1

About this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...

ACSC ClickFix mitigation guidance for Vidar Stealer

Advisory/Mitigation
H score34 First: 07.05.2026 21:00 Last: 07.05.2026 21:00 Sources 1

About this happening: The **ACSC** issued mitigation guidance for an **ongoing ClickFix campaign** that is pushing **Vidar Stealer** through **malicious PowerShell commands**, increasing credential-the...

CloudZ RAT Pheno Microsoft Phone Link credential-theft activity

Malware Activity
H score24 First: 05.05.2026 13:03 Last: 05.05.2026 13:03 Sources 1

About this happening: The **CloudZ RAT** is now using the **Pheno** plugin to hijack **Microsoft Phone Link** sessions and steal **SMS-based OTPs** and other sensitive codes, increasing the risk of acc...

Timeline

  1. 31.03.2026 17:51 2 articles · 3mo ago

    BlackFog discloses Venom Stealer MaaS

    Initial Disclosure

    BlackFog analyzes Venom Stealer, a malware-as-a-service infostealer sold via Telegram under the VenomStealer handle, and details Cloudflare DNS-backed custom domains, pre-built ClickFix lures, Windows targeting, cross-browser credential theft, wallet theft, and March 2026 updates that added a silent background listener plus Chrome v10/v20 password-encryption bypass support.

    Show sources