Saved February 14, 2026
Do you care about this?
Researchers have uncovered a new Windows malware campaign using Pulsar RAT and Stealerv37. This malware can steal passwords, crypto, and gaming accounts while allowing hackers to interact with victims through a live chat window. It evades detection by running entirely in memory and hijacking trusted system tools.
If you do, here's more
Researchers from Point Wild have uncovered a sophisticated Windows malware campaign involving the Pulsar RAT and Stealerv37. This malware operates stealthily, hiding in the computer's memory to steal sensitive information such as passwords, cryptocurrency, and gaming accounts. Unlike typical malware that might just sit idle, this one allows hackers to interact with victims in real-time through a live chat interface while pilfering their data.
The attack begins with a small, disguised file located in the %APPDATA%\Microsoft directory. It employs a technique known as "living-off-the-land," leveraging trusted system tools like PowerShell to execute its code entirely in memory. This approach makes it difficult for standard antivirus software to detect. Hackers use a tool called Donut to inject the malware into benign processes like explorer.exe. If the malware is interrupted, a built-in watchdog feature restarts it almost immediately, and it can even disable Task Manager and User Account Control (UAC) prompts, further complicating efforts to remove it.
The primary aim of the attackers is comprehensive theft. The Pulsar RAT enables them to access webcams and microphones, while the Stealerv37 targets personal and financial information. It scans for cryptocurrency wallets, monitors clipboard activities to replace payment addresses with those of the hackers, and extracts passwords and cookies from browsers like Chrome and Edge. Additionally, it collects data from VPNs and gaming accounts, sending all stolen information through platforms like Discord and Telegram. This marks a shift in cybercrime tactics, where attackers actively engage with victims while executing their schemes.
To protect against this threat, users should regularly inspect their Windows Startup applications for unfamiliar entries, be cautious if security prompts disappear, and implement two-factor authentication on their accounts.
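The Startup inspection and the "missing security prompts" check can be scripted. The following PowerShell is an added example, not part of the researchers' report: it lists autorun entries and reads the policy values that control Task Manager and UAC. The registry paths are the standard Windows locations and are an assumption here, since the article does not say which ones this campaign modifies.

```powershell
# Added example. Registry paths are standard Windows locations (assumed);
# the article does not name the keys this campaign touches.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# 1. Collect autorun entries from the Run keys.
$entries = @(foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
})

# 2. Add files placed in the per-user and all-users Startup folders.
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

# 3. Mark entries that launch from AppData or through PowerShell for manual review.
#    Legitimate software also matches; this is a review flag, not a verdict.
$entries |
    Select-Object Source, Name, Command, @{ n = 'Review'; e = { $_.Command -match 'AppData|powershell' } } |
    Sort-Object Review -Descending |
    Format-Table -AutoSize -Wrap

# 4. Read the policy values that switch off Task Manager and UAC prompts.
$policy = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$checks = @(
    @{ Path = "HKCU:\$policy"; Name = 'DisableTaskMgr';             Bad = 1 },  # 1 = Task Manager disabled
    @{ Path = "HKLM:\$policy"; Name = 'EnableLUA';                  Bad = 0 },  # 0 = UAC off
    @{ Path = "HKLM:\$policy"; Name = 'ConsentPromptBehaviorAdmin'; Bad = 0 }   # 0 = elevate without prompt
)
foreach ($c in $checks) {
    $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    $state = if ($null -eq $v) { 'not set' } elseif ($v -eq $c.Bad) { 'CHECK' } else { 'ok' }
    '{0}\{1} = {2} [{3}]' -f $c.Path, $c.Name, $v, $state
}
```

A `CHECK` result on a machine where no administrator set that policy is worth investigating before anything else is changed.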