"Malicious trading website drops malware that hands your browser to attackers", published on 22 April 2026, details how Needle Stealer is being distributed through a fake TradingClaw site advertised as an AI trading tool. The campaign uses DLL hijacking: the loader, named iviewers[.]dll, loads a second-stage DLL that injects Needle Stealer into RegAsm[.]exe via process hollowing.
Needle is a modular infostealer written in Golang, with features such as form grabbing, clipboard hijacking, and the ability to install malicious browser extensions that can control a victim’s browser and redirect or inject content. The attackers package a ZIP containing the first infection stage; once installed, the malware can take screenshots and harvest browser data, wallet information, and data from apps like Telegram and FTP clients.
According to Malwarebytes, the same stealer is distributed by other malware families such as Amadey and GCleaner, and the threat is linked to a fake TradingClaw page that sometimes redirects to studypages[.]com to evade detection.
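
A detection sketch for the chain described above (planted iviewers.dll, then a hollowed RegAsm.exe), added here as an example and not taken from Malwarebytes or the article. The Sysmon-style events, `host.exe`, all paths, the user-writable directory list and the "RegAsm.exe started with no arguments" heuristic are assumptions.

```python
import ntpath

# Assumption: directories a standard user can write to, where a planted DLL is plausible.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
LOADER_DLL = "iviewers.dll"   # loader name from the article (defanged there)
HOLLOW_TARGET = "regasm.exe"  # injection target from the article

# Constructed Sysmon-style records: EventID 7 = image load, 1 = process create.
# host.exe and all paths are hypothetical placeholders.
EVENTS = [
    {"EventID": 7, "ProcessGuid": "{A}", "Image": r"C:\Users\u\AppData\Local\Temp\tc\host.exe",
     "ImageLoaded": r"C:\Users\u\AppData\Local\Temp\tc\iviewers.dll"},
    {"EventID": 1, "ProcessGuid": "{B}", "ParentProcessGuid": "{A}",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "CommandLine": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"},
    {"EventID": 1, "ProcessGuid": "{C}", "ParentProcessGuid": "{D}",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "CommandLine": r'RegAsm.exe "C:\Program Files\Vendor\Plugin.dll" /codebase'},
]

def in_user_writable(path):
    return any(d in path.lower() for d in USER_WRITABLE)

def has_args(cmdline):
    """True if anything follows the executable token (handles a quoted first token)."""
    cmd = cmdline.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return bool(cmd[end + 1:].strip()) if end != -1 else False
    return len(cmd.split(None, 1)) > 1

def detect(events):
    """Correlate a planted loader DLL with an argument-less RegAsm.exe child."""
    sideloaders = {
        e["ProcessGuid"] for e in events
        if e["EventID"] == 7
        and ntpath.basename(e["ImageLoaded"]).lower() == LOADER_DLL
        and in_user_writable(e["ImageLoaded"])
    }
    alerts = []
    for e in events:
        if e["EventID"] != 1 or ntpath.basename(e["Image"]).lower() != HOLLOW_TARGET:
            continue
        # Assumption: RegAsm.exe normally receives an assembly path; none is a hollowing hint.
        if not has_args(e["CommandLine"]) and e.get("ParentProcessGuid") in sideloaders:
            alerts.append(e["ProcessGuid"])
    return alerts

if __name__ == "__main__":
    print(detect(EVENTS))
```

Correlating the two events keeps a legitimate RegAsm.exe registration (the third record) from alerting; either signal alone is noisy.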