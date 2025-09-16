Cyble threat intelligence researchers have uncovered an infostealer campaign spreading the Maranhão Stealer through social engineering websites offering pirated software. The malware, with sophisticated techniques like reflective DLL injection, poses significant cybersecurity risks, based on information published by The Cyber Express.

The Maranhão Stealer campaign uses deceptive websites to distribute malicious files like DerelictSetup.zip, targeting victims for credential theft and cryptocurrency data extraction. The malware, written in Node.js and disguised as an Inno Setup installer, employs advanced tactics to evade detection, establish persistence, and conduct detailed host reconnaissance. Its capabilities include compromising credentials, account hijacking, and deploying further malware within victim environments.

The evolving nature of the Maranhão Stealer highlights the persistent threat posed by sophisticated infostealer campaigns. The malware's ability to adapt, conduct extensive system reconnaissance, and target sensitive data underscores the need for robust cybersecurity measures.