A new malware-as-a-service (MaaS) platform dubbed Venom Stealer has been identified by cybersecurity researchers, automating credential theft and continuous data exfiltration. According to BlackFog researchers, Venom Stealer integrates ClickFix social engineering directly into its operator panel, enabling attackers to automate the full attack chain from infection to data theft.
The platform operates on a subscription model from $250 per month to $1,800 for lifetime access, with Telegram-based licensing and an affiliate programme. Infections begin when victims land on a fake webpage and are prompted to run commands themselves, making the activity appear user-initiated and helping bypass detection.
Once executed, the malware extracts saved passwords, session cookies, browsing history, autofill data and cryptocurrency wallet information from Chromium and Firefox-based browsers, while also conducting system fingerprinting and collecting browser extension data for a detailed infected-system profile.
Venom Stealer remains active after infection, continuously monitoring Chrome’s login database to capture newly saved credentials in real time, and, if cryptocurrency wallets are found, sending data to a server-side cracking engine for automatic fund transfers.