Void Stealer: The Infostealer Malware Quietly Targeting Organizations in 2026
ID: 23a5bf95-e2d0-5c4f-a5d3-4afc6a5fe7c4
STIX ID: report--23a5bf95-e2d0-5c4f-a5d3-4afc6a5fe7c4
Feed Name: SOCRadar Blog
Void Stealer is a mid-tier malware-as-a-service (MaaS) infostealer active since late 2025. It collects browser credentials, session cookies, crypto wallet seeds, messaging tokens, system fingerprints and more. It employs advanced evasion such as syscall-level EDR bypasses, runtime API resolution, encrypted configs and sandbox mutex checks, and it uses Steam profiles to resolve C2 infrastructure. Stolen logs are delivered to an admin panel and Telegram. Multiple affiliate campaigns are active, with confirmed IOCs (e.g., citrusshop.icu, SteamID 76561199877608270).
