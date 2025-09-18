Windows targeted by XillenStealer payload

Attacks using the new Python-based XillenStealer malware have been exfiltrating system information, cryptocurrency wallet data, and browser credentials from Windows systems, GBHackers News reports.

Beyond decrypting the credential stores of Chromium-based browsers to recover plaintext logins, XillenStealer targets private keys and wallet files from AtomicWallet, Exodus, Electrum, and Coinomi, and grabs Steam credentials, Discord authentication tokens, and Telegram session files, among other data, to build extensive profiles of its victims, according to an analysis by Cyfirma. Large files are split into segments smaller than 45 MB before being exfiltrated through Telegram (just under the Telegram Bot API's 50 MB upload cap).

The stealer also evades detection and maintains persistence through extensive checks for virtualized and sandbox environments, scheduled tasks, and injection into legitimate Windows processes. Threat actors with access to XillenStealer Builder V3.0 can assemble highly customized infostealer campaigns with little effort, the researchers said, urging organizations to deploy robust endpoint detection and response tooling to counter the threat.
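As an added illustration (not part of the GBHackers or Cyfirma reporting, and not the malware's own code), the following Python sketch flags the exfiltration pattern described above, many file uploads just under 45 MB sent to the Telegram Bot API from a single host, over constructed proxy log lines. The log format, field names, size window, and thresholds are assumptions for the example; tune them to your own proxy logs and expected Telegram use.

```python
"""
Added example: detect chunked exfiltration to the Telegram Bot API
(uploads just under the ~45 MB segment size the XillenStealer report
describes). The log format, size window and thresholds below are
assumptions for illustration, not values from the report.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumed proxy log format (constructed for this example):
# <ISO timestamp> <client_ip> <method> <url> <status> <bytes_sent_by_client>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+)$"
)
TELEGRAM_HOSTS = {"api.telegram.org"}
UPLOAD_METHODS = {"sendDocument", "sendVideo", "sendAudio", "sendPhoto"}
TOKEN_RE = re.compile(r"/bot(\d+):([A-Za-z0-9_-]+)/")  # Bot API token layout: <bot id>:<secret>

CHUNK_MAX = 45 * 1024 * 1024   # segment ceiling reported for XillenStealer
CHUNK_MIN = 40 * 1024 * 1024   # assumption: 40-45 MB bodies count as "near the chunk limit"
MIN_UPLOADS = 3                # assumption: three near-limit uploads per window is suspicious
WINDOW = timedelta(minutes=10) # assumption

# Constructed sample: 10.0.0.5 pushes four ~44 MB chunks plus a small remainder;
# 10.0.0.9 polls getUpdates; 10.0.0.7 sends one ordinary chat message.
SAMPLE_LOG = [
    "2025-09-18T10:00:01 10.0.0.5 POST https://api.telegram.org/bot123456:AAHfake_secret/sendDocument 200 46500000",
    "2025-09-18T10:00:40 10.0.0.5 POST https://api.telegram.org/bot123456:AAHfake_secret/sendDocument 200 46500000",
    "2025-09-18T10:01:22 10.0.0.5 POST https://api.telegram.org/bot123456:AAHfake_secret/sendDocument 200 46500000",
    "2025-09-18T10:02:05 10.0.0.5 POST https://api.telegram.org/bot123456:AAHfake_secret/sendDocument 200 46500000",
    "2025-09-18T10:02:30 10.0.0.5 POST https://api.telegram.org/bot123456:AAHfake_secret/sendDocument 200 12000000",
    "2025-09-18T10:02:31 10.0.0.9 GET https://api.telegram.org/bot777:otherfake/getUpdates 200 0",
    "2025-09-18T10:03:00 10.0.0.7 POST https://api.telegram.org/bot999:xyzfake/sendMessage 200 512",
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the assumed format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.fromisoformat(entry["ts"])
    entry["bytes"] = int(entry["bytes"])
    return entry


def telegram_upload(entry):
    """Return (bot_id, api_method) if the request is a file upload to the Bot API, else None."""
    if entry["method"] != "POST":
        return None
    url = urlparse(entry["url"])
    if url.hostname not in TELEGRAM_HOSTS:
        return None
    m = TOKEN_RE.search(url.path)
    if not m:
        return None
    api_method = url.path.rsplit("/", 1)[-1]
    if api_method not in UPLOAD_METHODS:
        return None
    # Keep only the numeric bot id for reporting; never write the secret half of the token to a log.
    return m.group(1), api_method


def detect_chunked_exfil(lines):
    """Return one finding per source host that sends >= MIN_UPLOADS near-limit uploads within WINDOW."""
    per_src = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if not entry:
            continue
        hit = telegram_upload(entry)
        if not hit:
            continue
        per_src[entry["src"]].append((entry["ts"], entry["bytes"], hit[0]))

    findings = []
    for src, events in per_src.items():
        events.sort()
        big = [ev for ev in events if CHUNK_MIN <= ev[1] <= CHUNK_MAX]
        # Sliding window: any WINDOW-wide span holding MIN_UPLOADS near-limit uploads is reported once.
        for i, (t0, _, _) in enumerate(big):
            in_win = [ev for ev in big[i:] if ev[0] - t0 <= WINDOW]
            if len(in_win) >= MIN_UPLOADS:
                findings.append({
                    "src": src,
                    "bot_ids": sorted({ev[2] for ev in in_win}),
                    "uploads": len(in_win),
                    "total_bytes": sum(ev[1] for ev in in_win),
                    "first_seen": in_win[0][0].isoformat(),
                })
                break
    return findings


if __name__ == "__main__":
    for f in detect_chunked_exfil(SAMPLE_LOG):
        print(f)
```

The check keys on the Bot API URL shape (`/bot<id>:<secret>/sendDocument` and similar upload methods) rather than on any one token, so it catches a freshly built stealer whose bot is unknown; it reports only the numeric bot id so the secret never lands in an alert. Hosts with legitimate Telegram automation will need an allow-list or a higher threshold.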
