
Malicious trading website drops malware that hands your browser to attackers

ID: 317a0140-dfea-5f15-90da-56781f8fe1a5

STIX ID: report--317a0140-dfea-5f15-90da-56781f8fe1a5

Feed Name: Malwarebytes Blog

Threat Score: 75/100

Date Published: 2026-04-22

Date Updated: 2026-04-28


## Executive summary

This report analyzes an active campaign distributing Needle Stealer — a modular Golang infostealer — via a fake AI trading site (tradingclaw.pro). It documents the delivery and execution chain (ZIP download, DLL hijacking, loader iviewers.dll, process hollowing into RegAsm.exe), the stealer's features (browser data theft, wallet spoofers, malicious browser extensions with broad permissions), C2 endpoints and IOCs (hashes, domains, IPs), and recommended mitigations.
