Venom Stealer MaaS infostealer with persistent credential harvesting
Malware Activity
Summary
The Venom Stealer infostealer now ships as malware-as-a-service (MaaS), expanding access to a persistent credential-theft tool and raising risk for Windows users. It steals browser passwords, session cookies, autofill data, and cryptocurrency wallet vaults. March 2026 updates added a silent background listener that keeps checking for newly saved passwords and wallet activity. The kit also uses ClickFix social engineering lures and automated exfiltration and cracking steps to speed theft and fund sweeping.
Related Happenings
Microsoft Edge stops loading saved passwords into cleartext memory at startup
Security Tool/Service
First: 15.05.2026 17:49
Last: 15.05.2026 17:49
Sources 1
About this happening:
**Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...
ACSC ClickFix mitigation guidance for Vidar Stealer
Advisory/Mitigation
First: 07.05.2026 21:00
Last: 07.05.2026 21:00
Sources 1
About this happening:
The **ACSC** issued mitigation guidance for an **ongoing ClickFix campaign** that is pushing **Vidar Stealer** through **malicious PowerShell commands**, increasing credential-the...
CloudZ RAT Pheno Microsoft Phone Link credential-theft activity
Malware Activity
First: 05.05.2026 13:03
Last: 05.05.2026 13:03
Sources 1
About this happening:
The **CloudZ RAT** is now using the **Pheno** plugin to hijack **Microsoft Phone Link** sessions and steal **SMS-based OTPs** and other sensitive codes, increasing the risk of acc...
Atomic Stealer (AMOS) macOS ClickFix Script Editor activity
Malware Activity
First: 09.04.2026 14:20
Last: 09.04.2026 14:20
Sources 1
About this happening:
A **macOS** malware campaign has shifted its **ClickFix** execution flow to **Script Editor**, helping **Atomic Stealer (AMOS)** avoid the usual **Terminal** warning path. The cha...
Atomic Stealer macOS Script Editor ClickFix campaign
Campaign
First: 08.04.2026 21:55
Last: 08.04.2026 21:55
Sources 1
About this happening:
A **new Atomic Stealer (AMOS)** campaign is targeting **macOS users** through **fake Apple-themed cleanup sites**, creating a lower-friction path to malware installation and data...
Timeline
31.03.2026 17:51 (2 articles)
BlackFog discloses Venom Stealer MaaS
Initial Disclosure
BlackFog analyzes Venom Stealer, a malware-as-a-service infostealer sold via Telegram under the VenomStealer handle, and details Cloudflare DNS-backed custom domains, pre-built ClickFix lures, Windows targeting, cross-browser credential theft, wallet theft, and March 2026 updates that added a silent background listener plus Chrome v10/v20 password-encryption bypass support.
Sources:
- Venom Stealer Raises Stakes With Continuous Credential Harvesting — www.securityweek.com — 31.03.2026 17:51