Venom Stealer MaaS continuous credential theft and exfiltration
Malware Activity
Summary
Hide ▲
Show ▼
The Venom Stealer malware-as-a-service platform has been identified as a credential-theft threat that keeps exfiltrating data after infection, extending the window for account takeover and crypto theft. It folds ClickFix social engineering into its operator panel so attackers can automate the path from lure to data theft. The malware targets Chromium and Firefox-based browsers for saved passwords, session cookies, autofill data, browsing history, and wallet information. The platform is also sold on cybercrime networks and was described as actively maintained with multiple updates in March 2026.
Related Happenings
ClickFix mitigation guidance for Windows and macOS
Defensive Guidance
H score34
First: 30.06.2026 15:00
Last: 30.06.2026 15:00
Sources 1
About this happening:
Organizations are being urged to harden defenses against **ClickFix** on **Windows** and **macOS**, reducing the chance that social-engineering lures can turn trusted dialogs into...
ClickFix mitigation guidance for Windows and macOS
Defensive GuidanceAbout this happening: Organizations are being urged to harden defenses against **ClickFix** on **Windows** and **macOS**, reducing the chance that social-engineering lures can turn trusted dialogs into...
Search for perplexity ai malicious Chrome extension
Malware Activity
H score29
First: 29.06.2026 21:40
Last: 29.06.2026 21:40
Sources 1
About this happening:
A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...
Search for perplexity ai malicious Chrome extension
Malware ActivityAbout this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...
Hotel and hospitality photo-ZIP phishing campaign
Campaign
H score40
First: 26.06.2026 12:27
Last: 26.06.2026 12:27
Sources 1
About this happening:
An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...
Hotel and hospitality photo-ZIP phishing campaign
CampaignAbout this happening: An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...
MacOS ClickFix Terminal-delivered DMG campaign
Campaign
H score37
First: 23.06.2026 21:30
Last: 23.06.2026 21:30
Sources 1
About this happening:
A **macOS ClickFix campaign** is using **fake CAPTCHA pages** and **Terminal commands** to quietly download and launch malicious **DMG files**, putting **Mac devices** at risk of...
MacOS ClickFix Terminal-delivered DMG campaign
CampaignAbout this happening: A **macOS ClickFix campaign** is using **fake CAPTCHA pages** and **Terminal commands** to quietly download and launch malicious **DMG files**, putting **Mac devices** at risk of...
USB-spreading clipboard-stealing malware targeting cryptocurrency wallets
Malware Activity
H score27
First: 18.06.2026 19:20
Last: 18.06.2026 19:20
Sources 1
About this happening:
A **USB-spreading** clipboard-stealing malware family is actively stealing **seed phrases**, **private keys**, and wallet addresses from **Windows** victims, putting cryptocurrenc...
USB-spreading clipboard-stealing malware targeting cryptocurrency wallets
Malware ActivityAbout this happening: A **USB-spreading** clipboard-stealing malware family is actively stealing **seed phrases**, **private keys**, and wallet addresses from **Windows** victims, putting cryptocurrenc...
Timeline
-
31.03.2026 03:00 2 articles · 3mo ago
BlackFog identifies Venom Stealer MaaS
Initial DisclosureBlackFog researchers identify Venom Stealer, a malware-as-a-service platform sold on cybercrime networks that integrates ClickFix social engineering into its operator panel, automates credential theft and continuous data exfiltration, and steals saved passwords, session cookies, browsing history, autofill data and cryptocurrency wallet information from Chromium and Firefox-based browsers while continuously monitoring Chrome's login database for newly saved credentials.
Show sources
- New Venom Stealer MaaS Platform Automates Continuous Data Theft — www.infosecurity-magazine.com — 01.04.2026 16:30
- New Venom Stealer MaaS Platform Automates Continuous Data Theft — www.infosecurity-magazine.com — 01.04.2026 16:30