Powercat malware campaign: Fake game cheats deliver infostealer targeting Discord, Roblox, and crypto wallets
ID: 26191a24-32ef-5f60-bf94-6ef0c8b41188
STIX ID: report--26191a24-32ef-5f60-bf94-6ef0c8b41188
Feed Name: ThreatLocker Blog
Powercat is a multi-stage malware campaign, observed in February 2026, that disguises itself as game cheat utilities to infect gamers. The initial EXE profiles hosts and contacts a command domain; a Java-based second-stage loader (jd-gui.jar) is deployed; and a final infostealer DLL/JAR is installed to steal cryptocurrency wallets, browser cookies (via DPAPI), and Discord and gaming accounts, and to perform keylogging and screen and webcam capture. The report covers anti-analysis measures, persistence methods, recommended defensive controls, and multiple SHA256 and domain IOCs.
