RAVEN STEALER UNMASKED: Telegram-Based Data Exfiltration
Raven Stealer is a modern information-stealing malware developed in Delphi and C++, designed to extract sensitive data from victim machines. It targets Chromium-based browsers, extracting passwords, cookies, payment details, and autofill information. The malware uses a modular architecture and a built-in resource editor, allowing attackers to embed configuration details directly into the compiled payload. Raven Stealer is packed using UPX, reducing its size and improving evasion against static detection. It executes in a hidden state, leaving no visible traces during runtime. The malware is actively distributed through GitHub repositories and promoted via a Telegram channel, which functions as both a development log and distribution platform. Raven Stealer's use of Telegram for C2-like behavior, paired with a clean user interface and dynamic module support, positions it as a commercially attractive tool within the commodity malware ecosystem.
Pulse ID: 688ca9833437e813c8c6f379
Pulse Link: https://otx.alienvault.com/pulse/688ca9833437e813c8c6f379
Pulse Author: AlienVault
Created: 2025-08-01 11:48:19
Be advised, this data is unverified and should be considered preliminary. Always do further verification.