Per Bleeping Computer, a new infostealer malware known as REMUS has emerged, with security researchers from Flare analyzing its underground operation and rapid evolution into a sophisticated malware-as-a-service (MaaS) platform.

Flare's analysis of 128 posts between February and May 2026 reveals REMUS's aggressive development cycle, mirroring structured software businesses. Initially focused on browser credential theft and basic log management, the operation rapidly expanded to include session theft, password manager targeting, and operational scalability. Updates introduced features like restore-token functionality, improved Telegram delivery, and enhanced operational visibility, shifting REMUS from a simple malware executable to a comprehensive platform.

The malware exhibits technical similarities to Lumma Stealer, but its underground activity highlights a strong commercialization focus, emphasizing usability, 24/7 support, and high callback rates. By April 2026, REMUS incorporated support for password managers like 1Password and LastPass, and IndexedDB storage, indicating a move towards concentrated credential stores. This evolution signifies a broader trend in cybercrime, where MaaS operations prioritize continuous development, customer support, and long-term monetization through authenticated session theft and persistent access.

Source: Bleeping Computer



