REMUS infostealer evolves into sophisticated malware-as-a-service platform

Per Bleeping Computer, a new infostealer malware known as REMUS has emerged, with security researchers from Flare analyzing its underground operation and rapid evolution into a sophisticated malware-as-a-service (MaaS) platform.

Flare's analysis of 128 posts between February and May 2026 reveals an aggressive development cycle for REMUS that mirrors the way structured software businesses operate. Initially focused on browser credential theft and basic log management, the operation rapidly expanded to include session theft, password manager targeting, and operational scalability. Updates introduced features like restore-token functionality, improved Telegram delivery, and enhanced operational visibility, shifting REMUS from a simple malware executable to a comprehensive platform.

The malware exhibits technical similarities to Lumma Stealer, but its underground activity highlights a strong commercialization focus, emphasizing usability, 24/7 support, and high callback rates. By April 2026, REMUS had added support for password managers like 1Password and LastPass, as well as IndexedDB storage, indicating a move towards concentrated credential stores. This evolution reflects a broader trend in cybercrime, where MaaS operations prioritize continuous development, customer support, and long-term monetization through authenticated session theft and persistent access.

Source: Bleeping Computer
