Category: ThreatIntel

  • Misericorde Stealer

    A user on BHF advertised a new MaaS stealer named Misericorde Stealer. The text of the post and the screenshots of the panel are taken “as-is” from the thread on the BHF forum. Misericorde Stealer(C++ stub) – USER-HOST PANEL / v10&v20 decrypt / FOR ALL 79$+ Misericorde Panel is our main advantage – security and privacy,…

  • User on XSS forum opens a beta test of a new stealer – TheVoid

    A user on the XSS forum made a post about a newly developed stealer and publicly opened beta testing of the product. Below is the machine translation of the forum post. The machine translation was done using DeepL.com, with some minor edits by me. All the screenshots are taken from the XSS forum. TheVoid –…

  • MioLab MacOS Stealer

    A new MacOS infostealer MaaS, named MioLab, was advertised on the XSS forum. Below is the machine translation of the forum post. The machine translation was done using DeepL.com, with some minor edits by me. The screenshots are taken from the XSS forum. I have skipped a few text snippets from the post, wasn’t sure if…

  • Scania Insurance Files Leaked

    In June 2025, Scania, a Swedish manufacturer of heavy trucks and industrial and marine engines, confirmed that they had been the subject of a cyberattack. According to the company, their systems were breached on 28th May 2025, when a threat actor used leaked credentials from an infostealer infection to gain a foothold. The company has confirmed…

  • AURA Stealer

    A new infostealer MaaS, named AURAStealer, was advertised on the XSS forum. Below is the machine translation of the forum post. The machine translation was done using DeepL.com. All the screenshots are taken from the XSS forum. I have skipped a few screenshots of the MaaS’s panel due to them being nearly the same as other…

  • 123 Stealer

    A new stealer has popped up. Below is a copy-paste of the thread from the XSS forum. Machine translated with some minor edits by me. Stealer, collects browser data, cookies, passwords, file grabber, process grabber, Chrome browser extensions, crypto wallet collection, well basically default stuff like every other stealer collects. You will need your own…

  • Bee Stealer

    I know, I did a boo-boo. I saw the posting of Bee Stealer (BeeStealer) on the XSS forum in the first half of May, but somehow it didn’t register in the back-end (brain), and I therefore failed to include it earlier. Better late than never. Below is a copy-paste of the thread from the XSS forum.…

  • Basic analysis of Kidflix users’ passwords

    On 11 March 2025, one of the biggest child sexual abuse material (CSAM) platforms, named Kidflix, was taken down in an international law enforcement effort dubbed Operation Stream. Kidflix launched in 2021 and hosted over 91,000 unique videos while it was active. The investigation into the platform started in 2022 and resulted in 79 arrests,…

  • StealC V2 – A Major Update to a Popular Infostealer

    At the beginning of March 2025, the XSS forum user “plymouth” made a post in their stealer thread about the upcoming major update to the infostealer. Finally, on 30th March they posted an announcement and details of the StealC V2 release. According to the user, the development of the second version took half a year, and…

  • Nightly claims to have access to Commercial Bank of Qatar

    A user on the Russian-speaking forum XSS claims to have access to a database of the Commercial Bank of Qatar. The forum user, who goes by the name of nightly, has made a thread with minimal information about the access and hasn’t shared any (sample/full) data yet. However, given the past behaviour of the user, we can…