Server-Side Infostealers: How Initial Access Broker Pryx is Revolutionizing Infostealers
ID: 50fa5345-c536-5258-ae69-60d9e156f10a
STIX ID: report--50fa5345-c536-5258-ae69-60d9e156f10a
Feed Name: infostealers.com
This report summarizes an interview with 'Pryx', an admin of the Hellcat ransomware group, who describes a server-side infostealer model that establishes Tor onion services on compromised hosts and allows attackers to remotely scrape credentials, tokens, and files. Pryx outlines modular hybrid tactics (lightweight client payloads combined with server-side harvesting), advanced techniques such as token hijacking and server-side AiTM, and a monetization model that sells pre-compromised servers to ransomware and fraud operators.
