BusySnake Stealer Windows information-theft activity
Malware Activity
Summary
Hide ▲
Show ▼
The BusySnake Stealer malware is being used against Windows systems to steal browser cookies, passwords, documents, screenshots, wallet files, and Telegram data, increasing credential-theft and exfiltration risk. The stealer also supports remote access and network tunneling through Go2Tunnel, making compromised hosts easier to control. Its delivery chain combines spear-phishing, RAR archives, and scheduled-task persistence to keep the malware running on infected machines.
Timeline
-
03.07.2026 16:36 1 articles · 6d ago
Armored Likho deploys BusySnake Stealer against Windows systems
Initial DisclosureKaspersky attributed Armored Likho to a campaign against government agencies and the electric power sector across Russia, Brazil, and Kazakhstan that uses BusySnake Stealer on Windows systems. The delivery chain relies on spear-phishing emails with official-notice and social-program lures, RAR archives, EXE droppers, GitHub-hosted payloads, VBScript files, and scheduled tasks, and the stealer can collect browser cookies, passwords, Telegram session and credential data, documents, screenshots, clipboard contents, wallet files, and keystroke data while also supporting Go2Tunnel reverse SSH tunneling and RustDesk execution.
Show sources
- Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer — thehackernews.com — 03.07.2026 16:36