logo

Fileless Phantom Stealer Targets Browser Credentials

ID: 75a69009-394a-5a9c-b978-ac5412fd4174

STIX ID: report--75a69009-394a-5a9c-b978-ac5412fd4174

Feed Name: Dark Reading

Threat Score
80/100

Date Published: 2026-06-16

Date Updated: 2026-06-17

Author: Jai Vijayan

...
...

Phantom Stealer is a malware-as-a-service actively used in targeted phishing campaigns against banks and other high-value organizations; it uses a heavily obfuscated, layered dropper and fileless, in-memory techniques (PowerShell obfuscation, Base64+XOR+donut, API disguising) to inject into Explorer, harvest browser-stored credentials, session cookies, financial and crypto data, and exfiltrate via multiple channels (Telegram, Discord, FTP, SMTP). Fortra and other researchers observed ongoing campaigns and recommend behavior-based AV/EDR and monitoring for abnormal command lines and environment creation.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.