Threat Actors are Targeting US Tax-Session with new Tactics of Stealerium-infostealer
ID: 84670c3b-422a-5ea3-8e92-1cde20510b3b
STIX ID: report--84670c3b-422a-5ea3-8e92-1cde20510b3b
Feed Name: Seqrite Blog
Seqrite Labs discovered an active tax-season phishing campaign targeting U.S. citizens that uses deceptive .lnk attachments and nested Base64 PowerShell to fetch a PyInstaller-packed binary which stages a .NET infostealer (Stealerium v1.0.35). The report provides a full technical breakdown (execution chain, anti-analysis, mutex/hidden directories, browser/wallet/FTP/VPN/data theft, webcam/screenshot capture), ATT&CK mappings, IoCs (file hashes and C2 IPs), and recommended protections.
