Find notable cyber news and cases, enriched with sources, timelines, and signals.

BusySnake Stealer Windows information-theft activity

Malware Activity
First reported
Last updated
Happening score
H score 30
1 unique sources, 1 articles

Summary

Hide ▲

The BusySnake Stealer malware is being used against Windows systems to steal browser cookies, passwords, documents, screenshots, wallet files, and Telegram data, increasing credential-theft and exfiltration risk. The stealer also supports remote access and network tunneling through Go2Tunnel, making compromised hosts easier to control. Its delivery chain combines spear-phishing, RAR archives, and scheduled-task persistence to keep the malware running on infected machines.

Timeline

  1. 03.07.2026 16:36 1 articles · 6d ago

    Armored Likho deploys BusySnake Stealer against Windows systems

    Initial Disclosure

    Kaspersky attributed Armored Likho to a campaign against government agencies and the electric power sector across Russia, Brazil, and Kazakhstan that uses BusySnake Stealer on Windows systems. The delivery chain relies on spear-phishing emails with official-notice and social-program lures, RAR archives, EXE droppers, GitHub-hosted payloads, VBScript files, and scheduled tasks, and the stealer can collect browser cookies, passwords, Telegram session and credential data, documents, screenshots, clipboard contents, wallet files, and keystroke data while also supporting Go2Tunnel reverse SSH tunneling and RustDesk execution.

    Show sources