THE Unknown Stealers: What’s Hidden Below the Radar charts a stealer ecosystem that has evolved into a professionalised criminal economy, with Infostealers now operating as a MaaS-style service that resembles legitimate SaaS, offering payload builders, real-time log panels and managed C2 servers for $50 to $300 per month.
By 2026, the ecosystem supports more than 25 professional stealers and over 20 mid/low-tier tools, with new entrants appearing each month, and up to six simultaneous active campaigns identified on Void infrastructure during the analysis.
The technical deep dive focuses on Void Stealer, a late‑2025 C++ infostealer capable of harvesting credentials, session cookies, crypto wallet data, Telegram and Discord tokens, and extensive system fingerprinting, with a notable C2 technique using a Steam profile as an intermediate resolver.
Exfiltration is described as JSON serialised and Base64 encoded, with logs routed to the operator’s panel and optional Telegram alerts, while stolen data feeds into a broader underground market supporting account takeovers and phishing pretexts that can fuel ransomware incidents. According to SOCRadar, the full whitepaper covers the binary-level analysis, MITRE ATT&CK mapping, IOC details, and the underground log market landscape.