
New Stealthy Python Malware Utilizes Discord to Exfiltrate Data from Windows Systems

A new Python-based information stealer, tracked as "Inf0s3c Stealer", has surfaced. It combines conventional system reconnaissance with exfiltration over Discord, using a legitimate communication platform to carry stolen data out of compromised Windows systems. It operates as a general-purpose grabber: on execution it runs a series of PowerShell commands via the Command Prompt to collect host identifiers, CPU details, network configuration and user information, building a profile of the victim's environment. It then targets Discord accounts, browser credentials, cookies and browsing history, cryptocurrency wallets, saved Wi-Fi passwords, and session data for gaming platforms such as Steam, Epic Games and Minecraft.

Cyfirma researchers found the sample packed with UPX and bundled with PyInstaller. The 6.8 MB executable has an entropy of 8.000, the maximum possible for byte-level Shannon entropy, which indicates heavy packing and leaves static analysis tools with almost nothing of the real logic to inspect until the sample is unpacked. At runtime the malware creates a working directory under the Windows %temp% folder, sorts stolen data into subdirectories such as "Credentials", "Directories" and "System", and packs them into a password-protected archive. Exfiltration is automated over Discord: the collected data is sent as a compressed RAR archive labelled "Blank Grabber", so the malicious traffic rides a legitimate service and blends with ordinary user activity, which lowers the chance that network monitoring flags it. For persistence, Inf0s3c Stealer copies itself into the Windows Startup folder with a .scr extension so that it appears to be a screensaver file.
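As an added example, not code from the article or from Cyfirma, the following Python script performs the kind of static triage the two paragraphs above call for: it measures byte-level Shannon entropy (8.0 is the maximum, matching the 8.000 the researchers report), looks for the public UPX and PyInstaller markers, scans for a Discord webhook URL, and classifies a file path as the Startup-folder .scr persistence described above. The webhook check is an assumption: the article says data leaves through Discord channels but does not name the mechanism, and webhooks are simply the usual way Discord-based stealers do it. The sample bytes and paths are constructed inline, and the entropy threshold, function names and marker constants are choices of this example.

```python
import math
import re
from collections import Counter

# Public packer/bundler markers (well-known constants, not taken from the article).
UPX_SECTION_NAMES = (b"UPX0", b"UPX1", b"UPX2")
UPX_HEADER_MAGIC = b"UPX!"
# PyInstaller CArchive cookie magic: b'MEI\014\013\012\013\016' in the PyInstaller loader.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Assumption: Discord-based stealers commonly exfiltrate via a webhook URL; the article
# does not state the mechanism, so this is a triage heuristic, not a description of the sample.
DISCORD_WEBHOOK_RE = re.compile(
    rb"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d+/[A-Za-z0-9_\-]+"
)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a single repeated value, 8.0 for a flat distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes, entropy_threshold: float = 7.2) -> dict:
    """Return packing/bundling/exfil indicators for a file's raw bytes.

    The 7.2 bits-per-byte threshold is an example choice; plain PE code usually sits
    well below it, while UPX-packed or encrypted payloads approach 8.0.
    """
    entropy = round(shannon_entropy(data), 3)
    return {
        "entropy": entropy,
        "high_entropy": entropy >= entropy_threshold,
        "upx": UPX_HEADER_MAGIC in data or any(s in data for s in UPX_SECTION_NAMES),
        "pyinstaller": PYINSTALLER_MAGIC in data,
        "discord_webhooks": [m.decode() for m in DISCORD_WEBHOOK_RE.findall(data)],
    }


def is_startup_scr(path: str) -> bool:
    """True for a .scr file placed in a Windows Startup folder (per-user or all-users).

    A real screensaver lives in System32; one in a Startup folder matches the
    persistence trick described in the article.
    """
    p = path.replace("/", "\\").lower()
    return p.endswith(".scr") and "\\start menu\\programs\\startup\\" in p


# Constructed samples for demonstration only; they are not bytes from the real malware.
PACKED_SAMPLE = (
    bytes(range(256)) * 4                      # flat byte distribution -> near-maximal entropy
    + UPX_HEADER_MAGIC + b"UPX0"               # UPX markers
    + PYINSTALLER_MAGIC                        # PyInstaller bundle cookie
    + b"https://discord.com/api/webhooks/123456789012345678/abcDEF_ghi-JKL"
)
BENIGN_SAMPLE = b"Hello, world! " * 64         # low-entropy text, no markers
STARTUP_PATH = (
    r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.scr"
)
LEGIT_SCR_PATH = r"C:\Windows\System32\ssText3d.scr"


if __name__ == "__main__":
    for name, sample in (("packed", PACKED_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage(sample))
    for path in (STARTUP_PATH, LEGIT_SCR_PATH):
        print(path, "-> suspicious" if is_startup_scr(path) else "-> ok")
```

Run against a real file with `triage(open(path, "rb").read())`; a hit on all three of high entropy, UPX and the PyInstaller cookie is a strong cue to unpack before attempting any further static analysis, and any webhook URL found is a direct indicator to block at the egress proxy.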

Categories: Malware, Data Exfiltration, Evasion Techniques 

Tags: Inf0s3c Stealer, Data Exfiltration, Discord Channels, Malware, System Reconnaissance, Sensitive Information, PowerShell Commands, Obfuscation Techniques, Automated Exfiltration, Persistence Tactics 
