Fileless Phantom Stealer Targets Browser Credentials
ID: 75a69009-394a-5a9c-b978-ac5412fd4174
STIX ID: report--75a69009-394a-5a9c-b978-ac5412fd4174
Feed Name: Dark Reading
Phantom Stealer is a malware-as-a-service actively used in targeted phishing campaigns against banks and other high-value organizations; it uses a heavily obfuscated, layered dropper and fileless, in-memory techniques (PowerShell obfuscation, Base64+XOR+donut, API disguising) to inject into Explorer, harvest browser-stored credentials, session cookies, financial and crypto data, and exfiltrate via multiple channels (Telegram, Discord, FTP, SMTP). Fortra and other researchers observed ongoing campaigns and recommend behavior-based AV/EDR and monitoring for abnormal command lines and environment creation.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
