The article discusses a new threat called Phantom Stealer, a fileless malware targeting banks and high-value organizations through phishing campaigns. It employs sophisticated evasion techniques and operates entirely in memory, making detection difficult. The malware focuses on stealing browser credentials, session cookies, and financial data, and uses channels such as Telegram and Discord for data exfiltration. Phantom Stealer is available as malware-as-a-service (MaaS) for cybercriminals.
The attack process starts with a phishing email leading to a multi-stage infection that injects the malware into the Windows Explorer process. Once active, it can steal sensitive data, take screenshots, and maintain persistence on the infected machines. Security experts recommend behavior-based detection tools to protect against such threats.
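
One way to express the behavior-based detection recommended above, as an added example that is not from the article: it flags network connections from `explorer.exe` (the injection target named above) to Telegram or Discord hosts. The event field names are modeled on Sysmon Event ID 3, and the host list, function names and sample events are assumptions constructed for illustration.

```python
import json
from pathlib import PureWindowsPath

# Hosts behind the exfiltration channels the article names (Telegram, Discord).
EXFIL_HOSTS = ("api.telegram.org", "discord.com", "discordapp.com")
# explorer.exe is the injection target the article names; it has no normal
# reason to call chat-service APIs.
WATCHED_IMAGES = {"explorer.exe"}

# Constructed sample events (not real telemetry), one JSON object per line,
# with field names modeled on Sysmon Event ID 3 (network connection).
SAMPLE_EVENTS = r"""
{"UtcTime": "2025-01-01 10:00:01", "Image": "C:\\Windows\\explorer.exe", "DestinationHostname": "api.telegram.org"}
{"UtcTime": "2025-01-01 10:00:05", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationHostname": "discord.com"}
{"UtcTime": "2025-01-01 10:00:09", "Image": "C:\\WINDOWS\\Explorer.EXE", "DestinationHostname": "CDN.Discordapp.com."}
{"UtcTime": "2025-01-01 10:00:12", "Image": "C:\\Windows\\explorer.exe", "DestinationHostname": "notdiscord.com"}
{"UtcTime": "2025-01-01 10:00:15", "Image": "C:\\Windows\\explorer.exe", "DestinationHostname": null}
truncated {"UtcTime":
"""

def is_exfil_host(hostname):
    """True for a listed host or any subdomain of it (case-insensitive)."""
    host = (hostname or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in EXFIL_HOSTS)

def find_suspicious(log_text):
    """Return (time, process, host) for watched processes reaching exfil hosts."""
    hits = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines instead of aborting the scan
        if not isinstance(event, dict):
            continue
        image = PureWindowsPath(event.get("Image") or "").name.lower()
        host = event.get("DestinationHostname")
        if image in WATCHED_IMAGES and is_exfil_host(host):
            hits.append((event.get("UtcTime"), image, host.lower().rstrip(".")))
    return hits

if __name__ == "__main__":
    for when, image, host in find_suspicious(SAMPLE_EVENTS):
        print(f"{when}  {image} -> {host}")
```

An empty `DestinationHostname` never matches here, so events logged without name resolution need a separate check based on IP address or DNS logs.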