infostealer

The Storm Infostealer Doesn't Decrypt Your Passwords Locally. It Takes Them Home First.

John Z Black Apr 5, 2026

Threat Intelligence #storm #infostealer #credential-theft #server-side-decryption #maas #browser-security

Storm ships encrypted credentials to attacker servers for decryption, bypassing every endpoint detection built to catch local credential theft.

Claude Code's Leaked Source Spawned Malware and a DMCA Disaster

John Z Black Apr 3, 2026

AI Security #anthropic #claude-code #vidar #infostealer #dmca #github #supply-chain

Threat actors turned Anthropic's leaked source into a Vidar infostealer campaign within 24 hours. Then Anthropic's DMCA response nuked 8,100 innocent repos.

Operation Leak Is Still Playing Out, and Russia Just Arrested One of Its Own

John Z Black Mar 27, 2026

Ransomware & Cybercrime #cybercrime #infostealer #leakbase #redline #law-enforcement #russia #operation-leak

LeakBase's alleged admin was arrested in Russia. RedLine's alleged developer was extradited to the US. Two arrests, two continents, and one genuinely unusual week for cybercrime enforcement.

Torg Grabber Is Coming for Your Crypto Wallet Extensions

John Z Black Mar 26, 2026

Threat Intelligence #infostealer #cryptocurrency #browser-extensions #malware #crypto-wallets

Torg Grabber is a new infostealer targeting 728 cryptocurrency browser wallet extensions, including MetaMask, Phantom, Exodus, and Coinbase. It's a full MaaS operation with real victims.