Venom Stealer subscription and affiliate malware-service ecosystem
Threat Actor Meta
Summary
Hide ▲
Show ▼
Venom Stealer is being run as a subscription-based malware service with Telegram licensing and an affiliate program, signaling a more organized cybercrime ecosystem and increasing the scale of credential theft. The model makes it easier for operators to buy access, distribute attacks, and keep monetizing stolen data over time.
Related Happenings
Lucifer DaaS’s evolution into a commission-based drainer service platform
Threat Actor Meta
First: 21.05.2026 17:00
Last: 21.05.2026 17:00
Sources 1
About this happening:
**Lucifer DaaS** has evolved into a **structured underground drainer platform**, shifting wallet theft from isolated phishing pages to a commission-based service model that scales...
Lucifer DaaS’s evolution into a commission-based drainer service platform
Threat Actor MetaAbout this happening: **Lucifer DaaS** has evolved into a **structured underground drainer platform**, shifting wallet theft from isolated phishing pages to a commission-based service model that scales...
REMUS underground ecosystem shift changes threat-actor operations
Threat Actor Meta
First: 15.05.2026 17:02
Last: 15.05.2026 17:02
Sources 1
About this happening:
The **REMUS underground operation** is turning **REMUS** into a continuously updated **MaaS** product, increasing **operational scalability** and monetization risk across undergro...
REMUS underground ecosystem shift changes threat-actor operations
Threat Actor MetaAbout this happening: The **REMUS underground operation** is turning **REMUS** into a continuously updated **MaaS** product, increasing **operational scalability** and monetization risk across undergro...
Vidar infostealer market rise and distribution expansion
Malware Activity
First: 28.04.2026 22:07
Last: 28.04.2026 22:07
Sources 1
About this happening:
**Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...
Vidar infostealer market rise and distribution expansion
Malware ActivityAbout this happening: **Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...
The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up
Threat Actor Meta
First: 21.04.2026 17:00
Last: 21.04.2026 17:00
Sources 1
About this happening:
**The Gentlemen ransomware gang** is using a **legitimate vulnerable driver** to defeat enterprise defenses, weaponizing **ThrottleStop.sys** as **ThrottleBlood.sys** to kill **AV...
The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up
Threat Actor MetaAbout this happening: **The Gentlemen ransomware gang** is using a **legitimate vulnerable driver** to defeat enterprise defenses, weaponizing **ThrottleStop.sys** as **ThrottleBlood.sys** to kill **AV...
Triad Nexus investment scam and brand impersonation campaign targeting emerging markets
Campaign
First: 14.04.2026 15:00
Last: 14.04.2026 15:00
Sources 1
About this happening:
The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...
Triad Nexus investment scam and brand impersonation campaign targeting emerging markets
CampaignAbout this happening: The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...
Timeline
-
01.04.2026 16:30 2 articles · 1mo ago
Venom Stealer subscription-based MaaS ecosystem identified
Initial DisclosureBlackFog researchers identified Venom Stealer as a malware-as-a-service platform sold on cybercrime networks that automates credential theft and continuous data exfiltration, integrates ClickFix social engineering into its operator panel, and uses a subscription model with Telegram-based licensing and an affiliate program; the platform was described as actively maintained with multiple updates released in March 2026.
Show sources
- New Venom Stealer MaaS Platform Automates Continuous Data Theft — www.infosecurity-magazine.com — 01.04.2026 16:30
- New Venom Stealer MaaS Platform Automates Continuous Data Theft — www.infosecurity-magazine.com — 01.04.2026 16:30