Saved February 14, 2026
Do you care about this?
Valkyrie Stealer is a sophisticated malware that targets Windows systems to harvest sensitive information, including credentials and browser data. It employs advanced evasion techniques to avoid detection in virtualized environments and features a modular architecture for flexible data theft. The developer, known as Lawxsz, actively promotes the malware through various online platforms.
If you do, here's more
Valkyrie Stealer is a sophisticated C++ infostealer targeting Windows systems. Its design focuses on collecting sensitive information, including credentials, browser data, and messaging app sessions. The malware employs a modular architecture, enabling it to execute various data theft operations. It uses advanced evasion techniques, such as heavy encryption for data exfiltration and checks to detect analysis environments, making it difficult for security tools to catch it.
The stealer's capabilities include harvesting data from Chromium-based browsers, stealing information from Discord and Telegram, and extracting details from game accounts and cryptocurrency wallets like MetaMask and Exodus. Valkyrie is protected by Themida, which hinders reverse engineering and analysis. It encrypts stolen data with AES-GCM before sending it to a command-and-control server, which it identifies through a Steam profile.
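A detection-side example of the behaviour described above, added here and not taken from the article or from any vendor rule: it flags a process that reads two or more of the listed data stores it does not own, and raises the severity when the same process also looks up the host that serves Steam profiles. The event schema, allowlists, threshold and sample events are assumptions; the paths are the applications' usual default locations.

```python
import re
from collections import defaultdict

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}
# store -> (path pattern, processes expected to open it); assumed defaults
STORES = {
    "chromium": (r"\\User Data\\[^\\]+\\(Network\\)?(Login Data|Cookies|Web Data)$", BROWSERS),
    "metamask": (r"\\nkbihfbeogaeaoehlefnkodbefgpgknn(\\|$)", BROWSERS),
    "discord": (r"\\discord[a-z]*\\Local Storage\\leveldb(\\|$)", {"discord.exe"}),
    "telegram": (r"\\Telegram Desktop\\tdata(\\|$)", {"telegram.exe"}),
    "exodus": (r"\\Exodus\\exodus\.wallet(\\|$)", {"exodus.exe"}),
}
STEAM_HOST = "steamcommunity.com"  # host that serves Steam profile pages
STEAM_OK = BROWSERS | {"steam.exe", "steamwebhelper.exe"}

def triage(events, min_stores=2):
    """Return {pid: finding} for processes reading >= min_stores foreign stores."""
    touched, steam, image = defaultdict(set), set(), {}
    for ev in events:
        exe = ev["image"].rsplit("\\", 1)[-1].lower()
        image[ev["pid"]] = ev["image"]
        if ev["type"] == "file":
            for store, (pattern, owners) in STORES.items():
                if exe not in owners and re.search(pattern, ev["target"], re.I):
                    touched[ev["pid"]].add(store)
        elif ev["type"] == "dns" and exe not in STEAM_OK:
            if ev["target"].lower().rstrip(".") == STEAM_HOST:
                steam.add(ev["pid"])
    return {
        pid: {"image": image[pid], "stores": sorted(stores),
              "steam_lookup": pid in steam, "severity": "high" if pid in steam else "medium"}
        for pid, stores in touched.items() if len(stores) >= min_stores
    }

# Constructed sample events (not from the article), shaped like file/DNS telemetry.
U = r"C:\Users\alice\AppData"
def mk(pid, image, kind, target):
    return {"pid": pid, "image": image, "type": kind, "target": target}
SAMPLE = [
    mk(4100, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "file",
       U + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    mk(4100, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "dns", STEAM_HOST),
    mk(7312, U + r"\Local\Temp\setup.exe", "file", U + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    mk(7312, U + r"\Local\Temp\setup.exe", "file", U + r"\Roaming\discord\Local Storage\leveldb\000005.ldb"),
    mk(7312, U + r"\Local\Temp\setup.exe", "file", U + r"\Roaming\Exodus\exodus.wallet\seed.seco"),
    mk(7312, U + r"\Local\Temp\setup.exe", "dns", "steamcommunity.com."),
    mk(5020, r"C:\Tools\backup.exe", "file", U + r"\Roaming\Telegram Desktop\tdata\key_datas"),
]
```

Calling `triage(SAMPLE)` reports only the constructed `setup.exe` process; the browser reading its own profile and the single-store backup tool stay below the threshold.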
The developer, known as “Lawxsz,” has been active since at least late 2022 and operates across various platforms like Telegram and GitHub to distribute and market his malware. Lawxsz also offers customer support and updates through dedicated channels. His activities have evolved from selling RATs to developing malware-as-a-service products like Valkyrie and Prysmax Stealer. He claims to be working on a new crypter that uses EV code-signing certificates to bypass detection measures, with a price point of $400 for full access to the stealer and additional features.