Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
33 articles

#Infostealer

All CosmicBytez Labs articles tagged #Infostealer, across news, security advisories, how-to guides, and projects.

  • NewsJul 17, 2026

    ClickLock: New macOS Infostealer Kills Apps Every 210ms to Force Password Entry

    Group-IB researchers discovered ClickLock, a new macOS infostealer distributed via ClickFix lures that terminates all visible system processes in a loop until the victim surrenders their login password — with zero AV detections at discovery.

  • NewsJul 16, 2026

    ClickLock: New macOS Stealer Kills Every App Until You Type Your Password

    Group-IB researchers discovered ClickLock, a macOS infostealer that uses ClickFix social engineering to install a kill loop firing pkill every 210ms — trapping victims into surrendering their system password to restore their desktop.

  • NewsJul 11, 2026

    Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

    The popular jscrambler npm package was hijacked in version 8.14.0, silently dropping and executing a cross-platform Rust-based infostealer via a malicious...

  • NewsJul 6, 2026

    Armored Likho APT Targeting Government and Electric Power Entities

    Kaspersky researchers have detailed a new campaign by Armored Likho — a threat actor overlapping with Eagle Werewolf — deploying modular RATs and the...

  • NewsJul 4, 2026

    Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

    Kaspersky has identified a previously undocumented APT group — Armored Likho (aka Eagle Werewolf) — deploying an AI-assisted Python infostealer called...

  • NewsJul 4, 2026

    PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

    Jamf Threat Labs has discovered PamStealer, a sophisticated two-stage macOS infostealer that impersonates the Maccy clipboard manager, delivers a...

  • NewsletterJun 30, 2026

    June 30 Digest: BlueHammer Zero-Day, Ransomware Goes Corporate, AI Supply Chain Risks & Nation-State ICS Threats

    A Microsoft Defender zero-day fuels ransomware before any patch exists; researchers dissect how syndicate groups run HR departments and tiered pricing;...

  • NewsJun 29, 2026

    Critical SimpleHelp Flaw Exploited to Deploy Djinn Infostealer

    Hackers are actively exploiting CVE-2026-48558 in SimpleHelp remote support software to deploy Djinn Stealer, a previously undocumented cross-platform...

  • NewsJun 29, 2026

    Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

    Attackers poisoned at least 18 npm and Go packages with a novel technique: hiding malware in .vscode/tasks.json auto-run tasks, bypassing npm v12's...

  • NewsJun 29, 2026

    In a First, a Court Takedown Goes After Two Cybercrime Tools at Once

    Microsoft and Europol dismantled both StealC and Amadey simultaneously in a single RICO filing — the first time a court-authorized takedown has targeted...

  • NewsJun 24, 2026

    Amadey and StealC Malware Networks Disrupted, 27 Million Stolen Credentials Recovered

    A coordinated law enforcement operation backed by Bitdefender, Bitsight, ESET, and Microsoft has dismantled the infrastructure powering Amadey and StealC,...

  • NewsJun 23, 2026

    New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

    Elastic Security Labs has uncovered OXLOADER, a sophisticated new malware loader using malvertising via Google Ads to target developers searching for...

  • NewsJun 19, 2026

    CryptoBandits Malware Doubles as a Backdoor, Abuses Tor for Stealthy C2

    A newly detailed malware family called CryptoBandits routes all traffic through a local SOCKS5 proxy and the Tor network, blending credential theft with...

  • NewsJun 5, 2026

    IronWorm and New Miasma Worm Variant Hit npm in Coordinated Supply Chain Attacks

    Two distinct malware campaigns have hit the npm ecosystem simultaneously — IronWorm deploys a Rust-based infostealer via 50+ poisoned packages, while a new…

  • NewsJun 4, 2026

    Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

    Researchers have uncovered a large-scale SEO poisoning campaign that uses fake open-source and freeware project sites to funnel victims through a Traffic…

  • NewsJun 1, 2026

    OpenAI Codex Authentication Tokens Stolen via codexui-android npm Supply Chain Attack

    Cybersecurity researchers have uncovered a malicious npm package named codexui-android that targets developers using OpenAI Codex by masquerading as a…

  • NewsMay 31, 2026

    ChatGPT Share Links Abused to Host Fake Outage Pages Delivering Malware

    Threat actors are exploiting ChatGPT's content-sharing feature to publish fake OpenAI outage pages that trick users into downloading trojanized ChatGPT…

  • NewsMay 20, 2026

    Ukraine Identifies Infostealer Operator Tied to 28,000

    Ukrainian cyberpolice, working with US law enforcement, identified an 18-year-old from Odesa suspected of running an infostealer malware operation that...

  • NewsMay 19, 2026

    Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

    Cybersecurity researchers have discovered a fresh Mini Shai-Hulud supply chain attack compromising the @antv npm ecosystem through a hijacked maintainer...

  • NewsMay 18, 2026

    Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

    Researchers have uncovered four malicious npm packages embedding infostealer malware and a Phantom Bot DDoS payload — one of which is a direct clone of...

  • NewsMay 17, 2026

    Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution

    A Flare threat intelligence analysis breaks down the REMUS infostealer — a rapidly evolving credential theft tool built around stolen browser sessions and...

  • NewsMay 9, 2026

    Fake OpenAI Repository on Hugging Face Pushes Infostealer

    A malicious repository impersonating OpenAI's "Privacy Filter" project climbed to Hugging Face's trending list and delivered information-stealing malware...

  • NewsApr 2, 2026

    Claude Code Leak Used to Push Infostealer Malware on GitHub

    Threat actors are capitalising on the Claude Code source code leak by creating fake GitHub repositories that impersonate the leaked source to deliver...

  • NewsMar 31, 2026

    Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

    A new report reveals how industrialized credential theft has become the common thread connecting ransomware campaigns, SaaS platform breaches, and...

  • NewsMar 30, 2026

    DeepLoad Malware Uses ClickFix and WMI Persistence to Steal

    Researchers have identified DeepLoad, a previously undocumented malware loader that combines ClickFix social engineering with WMI-based persistence to...

  • NewsMar 28, 2026

    Backdoored Telnyx PyPI Package Pushes Malware Hidden in WAV

    Threat actors known as TeamPCP compromised the Telnyx Python package on PyPI, uploading malicious versions that conceal credential-stealing malware inside...

  • NewsMar 28, 2026

    Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

    A newly observed ClickFix campaign impersonates Cloudflare's CAPTCHA verification pages to deliver the Python-based Infiniti Stealer to macOS users via a...

  • NewsMar 23, 2026

    Trivy Hack Spreads Infostealer via Docker, Triggers Worm

    The Trivy supply chain attack has expanded dramatically beyond GitHub Actions: malicious Docker Hub images (versions 0.69.4–0.69.6) carry an infostealer,...

  • NewsMar 23, 2026

    Trivy Supply Chain Attack Targets CI/CD Secrets

    The open-source Trivy security scanner was weaponized by threat actor TeamPCP in a supply chain attack that hijacked 75 release tags to deploy an...

  • NewsMar 22, 2026

    VoidStealer Malware Steals Chrome Master Key via Debugger

    A new infostealer named VoidStealer bypasses Chrome's Application-Bound Encryption by attaching a remote debugger to the browser process and using the...

  • NewsFeb 17, 2026

    Trojanized MCP Server Deploys StealC Infostealer Targeting

    A SmartLoader campaign distributes a trojanized Model Context Protocol (MCP) server disguised as Oura Health's legitimate tool, deploying StealC...

  • NewsFeb 15, 2026

    Russian APT 'ChainReaver' Hijacks 50 GitHub Accounts and Mirrors

    A Russian state-sponsored APT group dubbed ChainReaver-L compromised trusted file-sharing mirrors and 50 long-established GitHub accounts to distribute...

  • NewsFeb 14, 2026

    Claude AI Artifacts Abused to Distribute macOS Infostealer

    Threat actors are abusing publicly shared Claude AI artifacts and Google Ads to deliver the MacSync infostealer to macOS users through ClickFix social...