Date: 2025-09-18

Attacks with the new Python-based XillenStealer malware have been launched to exfiltrate system information, cryptocurrency wallet details, and browser credentials from Windows systems, reports GBHackers News.

A Cyfirma analysis revealed that XillenStealer uses advanced decryption routines to retrieve plaintext credentials from the encrypted storage of Chromium-based browsers. It also looks to steal private keys and wallet files from AtomicWallet, Exodus, Electrum, and Coinomi, along with Steam credentials, Discord authentication tokens, and Telegram session files, among other information, for extensive target profiling.

XillenStealer also breaks massive data files into segments smaller than 45 MB for more efficient exfiltration via Telegram. It bypasses detection and ensures persistence through comprehensive virtualization environment checks, scheduled tasks, and process injection into Windows processes.