this post was submitted on 08 Oct 2025
11 points (100.0% liked)
Cybersecurity
8658 readers
80 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
For clarity this is windows malware, not a browser exploit.
Distributed as c++ payload, persists in Startup by writing itself there with the CopyFileA api, uses powershell to pull browser data from file system... This is windows malware that knows what files to look in for various browsers and then exfiltrates via telegram. I wouldn't have titled it like this since it make it seem like a browser exploit instead of a ball of c++ and powershell but it's neat that they cast such a wide net I guess. No mention so far of distribution method, initial exploit, or group attribution that I've been able to spot.
Original report from July: https://hybrid-analysis.blogspot.com/2025/07/new-advanced-stealer-shuyal-targets.html
Additional info: https://www.pointwild.com/threat-intelligence/shuyal-stealer-advanced-infostealer-targeting-19-browsers