VENOM Stealer is a licensed malware kit available through malware-as-a-service (MaaS) that emphasises persistence and automation, allowing attackers to continuously siphon credentials, session data and cryptocurrency assets. It is sold on a licensing model at $250 per month or $1,800 for lifetime usage, with updates designed to reinforce the value of ongoing licensing.
Discovered and analysed by BlackFog, the kit is operated under the VenomStealer handle, with a Telegram-based affiliate programme and custom domains configured via Cloudflare DNS to keep commands hidden. The platform targets Windows but can be used on macOS as well, and includes pre-built ClickFix social‑engineering lures to deliver the payload, which then sweeps all Chromium and Firefox browsers to exfiltrate saved passwords, cookies, history, autofill data and wallet vaults.
A session listener now runs quietly in the background, reporting new passwords twice daily and revealing new wallet activity, a feature introduced in March 2026. Updates in March also added Chrome v10/v20 bypass and auto-crack support for numerous wallet extensions, with cracked data fed to a GPU-backed cracking engine.