A new MaaS platform called Venom Stealer automates every step of the social engineering technique behind ClickFix attacks, enabling would‑be attackers to create a persistent information‑stealing pipeline from initial infection to credential theft, wallet access and data exfiltration. Venom Stealer is sold by a developer using the name VenomStealer on cybercriminal forums and networks, according to BlackFog’s report published on 1 April 2026.
The platform is priced at $250 a month or $1,800 for lifetime access, with a vetted application process and a 15% affiliate program, Williams noted. It delivers a continuous exfiltration pipeline that remains active beyond the initial payload and includes Windows and macOS templates, fake prompts, and features to configure custom domains through Cloudflare DNS so the panel URL does not appear in the command.
A March update added a File Password and Seed Finder to feed into the cracking pipeline, and the system can harvest credentials, cookies, browser data and cryptocurrency wallet vaults, with the aim of automating wallet cracking and fund draining. Research from BlackFog describes Venom Stealer as “the Apex Predator of Wallet Extraction” in its promotion on cybercriminal forums. According to Williams, the platform remains active after compromise, making detection and incident response more challenging.