Venom Stealer Raises Stakes With Continuous Credential Harvesting
Licensed malware with built-in persistence and automation enables attackers to continuously siphon credentials, session data, and cryptocurrency assets. The post Venom Stealer Raises Stakes With Continuous Credential Harvesting appeared first on SecurityWeek.
Stolen credentials are the primary access route for cybercriminals. The use of infostealers to supply those credentials is the basis of modern cybercrime.
Infostealers continuously improve in both sophistication and use. Venom Stealer is a newly discovered kit available through malware-as-a-service (MaaS) to anybody wishing to use it. It is not sold outright but licensed at $250 per month or $1,800 for lifetime usage. The license covers both use of the kit and its updates.
The Venom Stealer kit, discovered and analyzed by BlackFog, demonstrates both the improving sophistication of infostealers and the ongoing efficiency of the MaaS marketplace. Under the handle of VenomStealer, the developer sells both licensing and an affiliate program via Telegram. Frequent updates to the kit show the value of licensing over outright purchase, and suggest this is a full-time operation for the developer.
Source: https://www.securityweek.com/venom-stealer-raises-stakes-with-continuous-credential-harvesting/
Related breach coverage
- ‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload (2026-03-11)
The malware disables antivirus and EDR protections at the kernel level, clearing the path for credential harvesting, system reconnaissance, and eventual data exfiltration. The post ‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload appeared first on SecurityWeek.
- Over 100 GitHub Repositories Distributing BoryptGrab Stealer (2026-03-07)
The malware targets browser and cryptocurrency wallet data, along with system information and user files. The post Over 100 GitHub Repositories Distributing BoryptGrab Stealer appeared first on SecurityWeek.
- US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor (2026-04-24)
The malware provides remote access and control of infected devices and maintains post-patching persistence. The post US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor appeared first on SecurityWeek.
- Google Rolls Out Cookie Theft Protections in Chrome (2026-04-10)
New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication. The post Google Rolls Out Cookie Theft Protections in Chrome appeared first on SecurityWeek.
