Gremlin Stealer: New Stealer on Sale in Underground Forum
Summary:
Unit 42 researchers recently identified Gremlin Stealer, a new information stealer written in C# that has been circulating since March 2025. It is built to harvest credentials and other sensitive data from infected hosts without the user's knowledge.
The developers advertise and sell it through a Telegram channel called CoderSharp, where they list its capabilities in detail. According to the advertisement and Unit 42's analysis, it harvests browser data, clipboard contents and local files, and steals credentials for VPN, FTP and cryptocurrency wallet applications. It also collects saved credit card details, Discord tokens and Telegram session data, and uploads everything to a web server under the operators' control.
One headline feature is a claimed bypass of Chrome's newer cookie protection (the v20 cookie format, introduced to stop other processes from reading session cookies). Whether that bypass works against a given Chrome build should be verified rather than assumed, but the claim alone is reason to treat saved browser sessions on an infected host as compromised. The stealer also enumerates a long list of browsers, both Chromium-based (Chrome, Edge and others) and Gecko-based (Firefox), so it covers most of the browser install base.
As a concrete example, Gremlin checks whether Litecoin is installed on the host and, if so, copies the wallet files that hold the keys to the funds; it runs the same check for several other popular cryptocurrencies. The stolen files are then packed into a ZIP archive and uploaded to a server at 207.244.199[.]46. That server fronts a web panel where the operators log in, browse the uploaded archives and download them. The address is a concrete network indicator and is worth blocking and alerting on.
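The behaviours described above (a non-browser process reading browser credential and cookie stores, copying wallet files, and contacting the operators' server) are exactly what endpoint detection should key on. The following is an added example, not code from the Unit 42 write-up or from the malware: a small behavioural detector run over a few constructed telemetry records. The record format ("kind|process|target"), the process allow-lists and the wallet paths other than Litecoin are assumptions; the server address is the one quoted above.

```python
"""
Added example, not code from the Unit 42 write-up or from the malware:
behavioural detection for the stealer activity described above, run over
constructed endpoint telemetry. The record format ("kind|process|target")
and the process allow-lists are assumptions.
"""
import re
from dataclasses import dataclass

# Indicator quoted in the write-up (defanged there, refanged for matching)
C2_IP = "207.244.199[.]46".replace("[.]", ".")

# Processes expected to open their own credential or wallet stores (assumed lists)
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "firefox.exe"}
WALLET_PROCESSES = {"litecoin-qt.exe", "bitcoin-qt.exe", "dash-qt.exe"}
TELEGRAM_OK = BROWSER_PROCESSES | {"telegram.exe"}

# Chromium credential/cookie stores and their Gecko (Firefox) equivalents
BROWSER_STORE_RE = re.compile(
    r"\\(login data|cookies|web data|logins\.json|cookies\.sqlite|key4\.db)$", re.I)
# Core-style wallet files; Litecoin is the write-up's example, the others are assumed alike
WALLET_RE = re.compile(r"\\(litecoin|bitcoin|dash|zcash)\\.*wallet\.dat$", re.I)


@dataclass(frozen=True)
class Alert:
    rule: str
    process: str
    target: str


def detect(telemetry: str) -> list:
    """Return one Alert per telemetry record that matches a stealer behaviour."""
    alerts = []
    for line in telemetry.splitlines():
        if not line.strip():
            continue
        kind, proc, target = line.split("|", 2)
        p = proc.lower()
        if kind == "file":
            if BROWSER_STORE_RE.search(target) and p not in BROWSER_PROCESSES:
                alerts.append(Alert("browser_store_read_by_non_browser", proc, target))
            elif WALLET_RE.search(target) and p not in WALLET_PROCESSES:
                alerts.append(Alert("wallet_file_read_by_non_wallet", proc, target))
        elif kind == "net":
            host = target.rsplit(":", 1)[0]
            if host == C2_IP:
                alerts.append(Alert("known_gremlin_c2", proc, target))
            elif host == "api.telegram.org" and p not in TELEGRAM_OK:
                alerts.append(Alert("telegram_bot_api_from_unexpected_process", proc, target))
    return alerts


def suspicious_processes(alerts, min_rules: int = 2) -> set:
    """Processes that trip at least min_rules distinct rules. A lone
    browser-store read is noisy (backup agents, sync tools); combined with
    wallet access or C2 traffic it is a strong signal."""
    rules_by_proc = {}
    for a in alerts:
        rules_by_proc.setdefault(a.process, set()).add(a.rule)
    return {p for p, rules in rules_by_proc.items() if len(rules) >= min_rules}


# Constructed telemetry: a benign browser, a real wallet app, and one
# look-alike "svchost32.exe" behaving like the stealer described above.
SAMPLE_TELEMETRY = r"""
file|chrome.exe|C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data
file|svchost32.exe|C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file|svchost32.exe|C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json
file|svchost32.exe|C:\Users\a\AppData\Roaming\Litecoin\wallet.dat
file|litecoin-qt.exe|C:\Users\a\AppData\Roaming\Litecoin\wallet.dat
net|svchost32.exe|207.244.199.46:80
net|chrome.exe|api.telegram.org:443
net|svchost32.exe|api.telegram.org:443
"""

if __name__ == "__main__":
    found = detect(SAMPLE_TELEMETRY)
    for a in found:
        print(f"{a.rule:45} {a.process:16} {a.target}")
    print("likely infostealer:", suspicious_processes(found))
```

The allow-lists are the weak point of any rule like this: a renamed or injected-into browser process would pass, so in production the process identity should come from a signed-image check rather than the file name alone, and the rules are best treated as a correlation input rather than a standalone verdict.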
Gremlin does not stop at passwords and cookies. It also profiles the host, collecting the username, installed RAM, CPU model and public IP address. All of this runs silently in the background, and the results are sent to the attacker through a Telegram bot, using a bot API token hard-coded in the binary. That hard-coded token is a useful artifact for analysts: it can be recovered from the sample's strings and used as a pivot when hunting related samples.
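Recovering that hard-coded token is a routine triage step, with one catch that is specific to C# malware: string literals in a .NET assembly are stored as UTF-16LE in the #US metadata heap, so an ASCII-only `strings` pass will miss them. The following is an added example, not Unit 42's code or the stealer's: it extracts both ASCII and UTF-16LE strings from a sample and matches the Telegram bot token pattern, the Bot API URL and the server address quoted above. The sample bytes, the token and the token regex are constructed or assumed, and the token is not a live credential.

```python
"""
Added example, not code from the Unit 42 write-up or from the malware:
pull the hard-coded Telegram bot token and network indicators out of a
sample's strings, scanning UTF-16LE as well as ASCII because C# literals
live in the #US heap as UTF-16LE. Sample bytes and token are constructed.
"""
import re

MIN_LEN = 6

# Telegram bot tokens look like "<numeric bot id>:<35 chars>". This is the
# commonly used hunting heuristic, not an official format spec (assumption).
BOT_TOKEN_RE = re.compile(r"(?<![0-9A-Za-z_-])\d{8,10}:[A-Za-z0-9_-]{35}(?![A-Za-z0-9_-])")
TELEGRAM_API_RE = re.compile(r"https://api\.telegram\.org/bot[A-Za-z0-9:_-]*")
IPV4_RE = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")
# Indicator quoted in the write-up (defanged there, refanged for matching)
KNOWN_C2 = {"207.244.199[.]46".replace("[.]", ".")}


def ascii_strings(data: bytes, min_len: int = MIN_LEN) -> list:
    """Runs of printable ASCII, as the classic strings tool would report."""
    pat = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pat, data)]


def utf16le_strings(data: bytes, min_len: int = MIN_LEN) -> list:
    """Runs of printable UTF-16LE: each character is a printable byte followed by NUL."""
    pat = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    return [m.group().decode("utf-16-le") for m in re.finditer(pat, data)]


def extract_indicators(data: bytes) -> dict:
    """Bot tokens, Bot API URLs and IPv4 candidates from both string encodings."""
    found = {"bot_tokens": set(), "telegram_api": set(), "ipv4": set(), "known_c2": set()}
    for s in ascii_strings(data) + utf16le_strings(data):
        found["bot_tokens"].update(BOT_TOKEN_RE.findall(s))
        found["telegram_api"].update(TELEGRAM_API_RE.findall(s))
        for ip in IPV4_RE.findall(s):
            if all(int(octet) <= 255 for octet in ip.split(".")):
                found["ipv4"].add(ip)
    found["known_c2"] = found["ipv4"] & KNOWN_C2
    return found


def build_sample_blob() -> bytes:
    """Constructed stand-in for a .NET assembly: ASCII metadata names plus a
    simplified #US heap of length-prefixed UTF-16LE literals. Not a real
    sample; the token is made up and is not a live credential."""
    def us_entry(s: str) -> bytes:
        raw = s.encode("utf-16-le") + b"\x00"  # trailing flag byte as in the #US heap
        return bytes([len(raw)]) + raw          # one-byte length (every entry here < 128 bytes)

    ascii_part = (b"MZ\x90\x00" + b"\x00" * 8
                  + b"#Strings\x00mscorlib\x00System.Net.Http\x00HttpClient\x001.0.0.0\x00#US\x00")
    literals = [
        "https://api.telegram.org/bot",                    # URL prefix; token appended at runtime
        "1234567890:AAFakeTokenForTheExampleOnly0123456",  # constructed bot token (35 chars after ':')
        "/sendDocument",
        "http://207.244.199.46/",                          # server address from the write-up
        "wallet.dat",
    ]
    return ascii_part + b"".join(us_entry(s) for s in literals) + b"\x00" * 4


if __name__ == "__main__":
    blob = build_sample_blob()
    print("ascii only :", [s for s in ascii_strings(blob) if "telegram" in s or ":" in s])
    print("utf-16le   :", utf16le_strings(blob))
    for key, value in extract_indicators(blob).items():
        print(f"{key:13}", sorted(value))
```

Two caveats when running this over real samples: assembly version strings such as 1.0.0.0 satisfy the IPv4 pattern, so the `ipv4` set needs a human look while the `known_c2` intersection is the high-confidence result; and a recovered token is a credential for the operator's bot, so handle it like one (redact it in reports, and do not exercise the Bot API with it without authorisation).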
Stripped of the detail, the behaviour is simple: enumerate the host for anything of value (credentials, sessions, wallets, system details), package it and send it to infrastructure the attacker controls, where it can be used for account takeover or resold.
Security Officer Comments:
The good news is that this class of malware is well understood and existing tooling handles it. Endpoint protection with behavioural or machine-learning detection can catch a new sample by what it does rather than by signature: a process other than a browser reading browser credential and cookie databases, copying wallet files, or uploading a freshly created archive to an unfamiliar IP address or to the Telegram Bot API. Network controls that block or alert on the published indicators (including 207.244.199[.]46), web and file reputation scanning, and conventional antivirus each add a layer. No single control is sufficient on its own; layering them is what lowers the chance of a successful infection.
Suggested Corrections:
Anyone who suspects a Gremlin Stealer infection should engage a trusted incident response team as soon as possible. Because the stealer exfiltrates saved passwords, session cookies and tokens, the safe assumption is that everything stored on the host has been exposed: once the machine is contained, rotate those credentials and invalidate active sessions (Discord, Telegram and any accounts saved in the browser in particular). The researchers behind the discovery have also shared their findings with information-sharing communities so that cybersecurity experts and organisations can act on the threat details quickly and stop similar attacks from spreading.
Link(s):
https://unit42.paloaltonetworks.com/new-malware-gremlin-stealer-for-sale-on-telegram/