Stealerium Malware Surge Raises Alarms Over Emerging Attack Strategies
Proofpoint threat researchers have reported a notable increase in the use of Stealerium-based malware by opportunistic cybercriminals. Recent analysis by Rob Kinner, Kyle Cucci, and the Proofpoint Threat Research Team has revealed a rising trend in malware campaigns that leverage Stealerium, an open-source infostealer initially released for “educational purposes.” Stealerium, along with related malware families such as Phantom Stealer, is primarily used to extract sensitive information from compromised systems. The research indicates that cybercriminals are increasingly prioritising the theft of identities and credentials through information-stealing malware. While many threat actors continue to utilise malware-as-a-service options like Lumma Stealer and Amatera Stealer, some are shifting towards one-off purchases or adopting open-source code repositories, including Stealerium.
Stealerium became available on GitHub in 2022, labelled for “educational purposes only.” Its open-source nature provides valuable insights for cyber defenders, but it equally benefits malicious actors who adapt or enhance its code to create new, evasive variants. Proofpoint researchers have observed a surge in the number and diversity of Stealerium-based campaigns, particularly a renewed focus in mid-2025 after a period of diminished activity. In May 2025, the threat actor TA2715 employed Stealerium in a campaign, marking its first significant reappearance in Proofpoint’s email threat data since early 2023. Another actor, TA2536, utilised Stealerium in late May 2025, having previously favoured Snake Keylogger. These campaigns are extensive in their reach and employ a variety of email lures and delivery mechanisms, often impersonating organisations such as charities, banks, or courts.
Categories: Malware Trends, Information Theft, Campaign Techniques
Tags: Stealerium, Malware, Cybercriminals, Information Theft, Open-Source, Campaigns, Email Lures, Social Engineering, Payload, Execution