Close Menu
  • Latest News
    • Bitcoin
    • Ethereum
    • Altcoins
    • Meme Coins
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Gaming
  • Legal
    • Legal and Regulatory
    • Adoption
  • Analysis
  • Learn
    • Education
    • Wallets and Exchanges
  • Tools
    • Market Overview
    • Exchange Tool
What's Hot

Bitcoin Market Outlook: Opportunities Ahead

July 15, 2026

NEAR Governance Vote To Scrap Gas Rebates Puts Developer Incentives Under Review

July 15, 2026

ETH Price Eyes $2,163 Target as Double Bottom Completes on Daily Chart

July 15, 2026
Facebook X (Twitter) Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • Disclosure
Facebook X (Twitter) Instagram
Free.cc (Free Cryptocurrency)Free.cc (Free Cryptocurrency)
  • Latest News
    1. Bitcoin
    2. Ethereum
    3. Altcoins
    4. Meme Coins
    5. View All

    China’s Prosecutors Move To Treat Crypto Mixers As Evidence Of Money Laundering

    July 15, 2026

    Inside U.S. Government’s $20.6B crypto wallet stash and what comes next

    July 15, 2026

    Bitcoin Price Crash to $48K? Analyst Warns 200-Week EMA Breakdown Could Trigger Deeper Selloff

    July 15, 2026

    JPMorgan sees Hyperliquid partnership weighing on Circle, Coinbase

    July 14, 2026

    ETH Price Eyes $2,163 Target as Double Bottom Completes on Daily Chart

    July 15, 2026

    Ethereum falls to $1.7K – Will a $153 mln whale push help ETH bounce back?

    July 14, 2026

    Ethereum Bullish Signals Strengthen as Whale Accumulation, Lean Ethereum Roadmap Fuel Optimism

    July 13, 2026

    Which way is Ethereum headed? What to expect as bulls and bears fight for ETH

    July 13, 2026

    NEAR Governance Vote To Scrap Gas Rebates Puts Developer Incentives Under Review

    July 15, 2026

    Derive [DRV] gains 40% on Upbit news – THIS zone marks next major hurdle

    July 15, 2026

    LAB token sinks 99% from ATH: 3 reasons behind the collapse

    July 14, 2026

    Coinbase Smart Wallet Verification Upgrade Targets The Multi-Chain UX Problem

    July 14, 2026

    $1.2 Billion Exits Memecoins: Binance Data Signals Heavy Sell-Off

    July 14, 2026

    CASHCAT Soars 1,600% Amid Robinhood Memecoin Frenzy

    July 8, 2026

    Crypto Market Sectors Retreat as Meme Tokens Lead Daily Declines

    July 7, 2026

    Why Memecoins May Never Return to Their All-Time Highs

    July 4, 2026

    Bitcoin Market Outlook: Opportunities Ahead

    July 15, 2026

    NEAR Governance Vote To Scrap Gas Rebates Puts Developer Incentives Under Review

    July 15, 2026

    ETH Price Eyes $2,163 Target as Double Bottom Completes on Daily Chart

    July 15, 2026

    China’s Prosecutors Move To Treat Crypto Mixers As Evidence Of Money Laundering

    July 15, 2026
  • Tech
    1. Blockchain
    2. Security and Privacy
    3. View All

    Merck and Hashgraph Group launch Hedera-based product passport for EU compliance

    June 12, 2026

    COTI and Midnight Foundation Partner to Advance the Global Privacy Ecosystem

    June 11, 2026

    Cardano Gets Exposure From Olympics Committee

    June 11, 2026

    How Privacy and Composability Trade-Offs Differ

    June 11, 2026

    Robinhood Chain tokens are reportedly vanishing from wallets causing buyers to lose funds

    July 14, 2026

    One crypto wallet tied to a 20-year-old fraudster processed over $122M before Interpol closed in

    July 13, 2026

    Convicted scammer’s “seized” crypto moves to unknown wallets while in prison as DOJ failed to secure funds

    July 13, 2026

    Relay Protocol Warns of Robinhood Chain Honeypot Coins

    July 10, 2026

    Bitcoin Market Outlook: Opportunities Ahead

    July 15, 2026

    NEAR Governance Vote To Scrap Gas Rebates Puts Developer Incentives Under Review

    July 15, 2026

    ETH Price Eyes $2,163 Target as Double Bottom Completes on Daily Chart

    July 15, 2026

    China’s Prosecutors Move To Treat Crypto Mixers As Evidence Of Money Laundering

    July 15, 2026
  • Web 3
    1. Gaming
    2. View All

    Yield Guild Games Sunsets YGG Play Publishing Unit, Cuts 35 Jobs

    July 7, 2026

    GO1 and Xiaohai Set up Potential Rematch at EWC 2026 Fatal Fury Bracket in Paris

    July 6, 2026

    CoinIQ Crypto Analysis: The Anti-FOMO Crypto App That Grades Coins Before You Buy

    July 3, 2026

    Hur Blockchain och NFT-teknologi Förändrar Kasinobranschen för Alltid

    June 29, 2026

    Bitcoin Market Outlook: Opportunities Ahead

    July 15, 2026

    NEAR Governance Vote To Scrap Gas Rebates Puts Developer Incentives Under Review

    July 15, 2026

    ETH Price Eyes $2,163 Target as Double Bottom Completes on Daily Chart

    July 15, 2026

    China’s Prosecutors Move To Treat Crypto Mixers As Evidence Of Money Laundering

    July 15, 2026
  • Legal
    1. Legal and Regulatory
    2. Adoption
    3. View All

    North Carolina Enacts Strict Rules for Crypto ATMs to Combat Fraud

    July 15, 2026

    The next currency crisis could turn $300 billion in stablecoins into national currencies

    July 14, 2026

    Trump Pushes Senators To Pass Clarity Act in Wake of Lindsey Graham’s Death As Crypto Bill’s Polymarket Odds Dwindle

    July 14, 2026

    After MiCA deadline, majority of Binance users sent funds to self-custody not other compliant exchanges

    July 13, 2026

    Banks are building the rails to profit from 13.9 million BTC they do not own

    July 14, 2026

    Crypto exchanges are becoming the new distribution channel for Wall Street assets

    July 14, 2026

    Tether’s $20 billion mountain of gold – equal to a national reserve

    July 13, 2026

    A $407 million Treasury fund reveals how Wall Street is building crypto’s missing collateral layer

    July 12, 2026

    Bitcoin Market Outlook: Opportunities Ahead

    July 15, 2026

    NEAR Governance Vote To Scrap Gas Rebates Puts Developer Incentives Under Review

    July 15, 2026

    ETH Price Eyes $2,163 Target as Double Bottom Completes on Daily Chart

    July 15, 2026

    China’s Prosecutors Move To Treat Crypto Mixers As Evidence Of Money Laundering

    July 15, 2026
  • Analysis

    Bitcoin Market Outlook: Opportunities Ahead

    July 15, 2026

    Bitcoin pushes toward $65,000 on US inflation relief that may already be fading

    July 15, 2026

    DRV Price Soars 70% After Upbit Listing as Derive Sees Rising Network Activity

    July 15, 2026

    Is a Bitcoin whale from 2018 about to cash in after awakening to transfer $188 million?

    July 14, 2026

    Uniswap Price Rallies After Fee Switch Proposal—Can UNI Hit $5 Next?

    July 14, 2026
  • Learn
    1. Education
    2. Wallets and Exchanges
    3. View All

    What Is Robinhood Chain? The Ethereum Layer-2 Network for Tokenized Stocks

    July 12, 2026

    What Is BChat? The Decentralized Messaging App Built for Privacy

    June 2, 2026

    What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

    May 31, 2026

    What Is AI Jailbreaking? A Beginner’s Guide to the Cat-and-Mouse Game Behind Every Chatbot

    May 17, 2026

    Hong Kong gives crypto platforms one year to ditch one-time passwords or cover user losses

    July 11, 2026

    Coinbase World Cup error shows prediction markets still have a proof problem

    July 7, 2026

    Coinbase helped build USDC – Why is it now backing the stablecoin trying to replace it, Open USD?

    July 3, 2026

    Robinhood’s expanding crypto bet meets a faster-moving prediction market boom

    July 2, 2026

    Bitcoin Market Outlook: Opportunities Ahead

    July 15, 2026

    NEAR Governance Vote To Scrap Gas Rebates Puts Developer Incentives Under Review

    July 15, 2026

    ETH Price Eyes $2,163 Target as Double Bottom Completes on Daily Chart

    July 15, 2026

    China’s Prosecutors Move To Treat Crypto Mixers As Evidence Of Money Laundering

    July 15, 2026
  • Tools
    • Market Overview
    • Exchange Tool
Free.cc (Free Cryptocurrency)Free.cc (Free Cryptocurrency)
Home»Security and Privacy»New ‘Chihuahua Stealer’ Targets Browser Data and Crypto Wallets
New ‘Chihuahua Stealer' Targets Browser Data and Crypto Wallets
Security and Privacy

New ‘Chihuahua Stealer’ Targets Browser Data and Crypto Wallets

September 10, 2025No Comments4 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

A new strain of infostealer blending standard malware techniques with unusually advanced features has been detected.

First flagged by a Reddit user in April 2025, the malware, known as Chihuahua Stealer, was analyzed by G Data CyberDefense, which shared its findings in a May 13 report.

While appearing unsophisticated on the surface, this .NET infostealer employs advanced methods, including stealthy loading, scheduled task persistence and a multi-staged payload.

Multi-Stage PowerShell Script Infection

On April 9, a user on the r/antivirus subreddit shared how they were tricked into executing an obfuscated PowerShell script from a Google Drive document.

Upon investigation, G Data CyberDefense discovered that the PowerShell-based loader triggers a complex, multi-stage execution chain that leverages Base64 encoding, hex-string obfuscation and scheduled jobs to maintain persistence.

The loader is designed to be modular and stealthy, retrieving additional payloads from fallback command-and-control (C2) domains as needed.

The multi-stage chain involves the following steps:

  1. A lightweight launcher executes a Base64-encoded PowerShell string via iex, bypassing execution policies and hiding the payload from static analysis and signature-based detection
  2. The launcher decodes and reconstructs a heavily obfuscated hex payload by removing delimiters and converting hex to ASCII, dynamically assembling the next-stage script to evade static and sandbox analysis
  3. The script establishes persistence by scheduling a job that scans for infection markers (“*.normaldaki” files) and, if present, contacts a primary (and fallback) C2 server to retrieve and execute additional payloads based on received commands
  4. The persistent job obtains a .NET assembly from a remote domain, loads a Base64-obfuscated payload (the Chihuahua Stealer) from OneDrive and executes it in-memory via reflection before cleaning up visible traces (console and clipboard)
See also  What is the Best Cryptocurrency to Invest In? $0.035 DeFi Crypto Developing Real Utility Concept

Chihuahua Stealer’s Execution, Encryption and Data Exfiltration

The stealer initiates execution with the DedMaxim() function, which prints transliterated Russian rap lyrics to the console with short pauses between each line. The G Data researchers believe this to be a signature, albeit serving no functional purpose.

After displaying the lyrics, the stealer executes its main logic in the PopilLina() function, where it gathers the machine name and disk serial number via Windows Management Instrumentation (WMI), then obfuscates and hashes them to generate a unique identifier for the infected system. This identifier is used to name the archive and folder that will store the exfiltrated data.

After generating a unique victim ID and preparing a staging directory, the malware begins extracting data by searching for browser and crypto wallet files in user directories.

It utilizes a function to scan dynamic paths (with %USERPROFILE% placeholders) for installed browsers, and then another function to systematically extract credentials, cookies, autofill data, browsing history, sessions, and payment information from each detected browser.

Additionally, it targets crypto wallet extensions by identifying and copying data from folders associated with known wallet extension IDs.

After extracting browser data and crypto wallet extension files, the malware gets the stolen information ready for encryption and exfiltration. It creates a plaintext file named Brutan.txt in the working directory, then compresses all stolen data into a “.chihuahua” archive. Immediately afterward, the archive is encrypted using AES-GCM.

Once the stolen data has been zipped and encrypted into a “.VZ” file, the malware attempts to exfiltrate it to an external server using a retry loop.

See also  Goliath Ventures CEO charged with crypto Ponzi apologizes

The actual exfiltration happens in VseLegalno(). The function creates a WebClient instance and sets headers to mimic a binary file upload, then uploads the “.VZ” encrypted file to hxxps://flowers[.]hold-me-finger[.]xyz/index2[.]php.

Finally, the stealer wipes all evidence of its activity from the disk by using standard file and directory deletion commands.

G Data’s Mitigation Recommendations

G Data CyberDefense provided a list of recommendations to mitigate the Chihuahua Stealer threat:

  • Alert on frequent scheduled PowerShell jobs with suspicious or obfuscated commands
  • Hunt for unusual file extensions or marker files in directories like Recent or Temp
  • Detect Base64 decoding combined with .NET reflection (e.g., Assembly::Load()) in PowerShell logs
  • Flag uncommon AES-GCM usage via Windows CNG APIs, especially when tied to outbound HTTPS traffic
Browser Chihuahua Crypto Data Stealer Targets wallets
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

China’s Prosecutors Move To Treat Crypto Mixers As Evidence Of Money Laundering

July 15, 2026

Inside U.S. Government’s $20.6B crypto wallet stash and what comes next

July 15, 2026

North Carolina Enacts Strict Rules for Crypto ATMs to Combat Fraud

July 15, 2026

$1.2 Billion Exits Memecoins: Binance Data Signals Heavy Sell-Off

July 14, 2026
Add A Comment
Leave A Reply Cancel Reply

Top Posts

Why CPI, Tariff Headlines, and the CLARITY Act Could Shake the Crypto Market

January 13, 2026

8 Months To Go: Here’s How Bitcoin Could Trend In 2026 – Analyst

May 10, 2026

Stay ahead with the latest crypto news, market updates, blockchain insights, and trends. Your trusted source for everything happening in the digital asset world.


We're social. Connect with us:

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

Bitcoin Market Outlook: Opportunities Ahead

July 15, 2026

NEAR Governance Vote To Scrap Gas Rebates Puts Developer Incentives Under Review

July 15, 2026

ETH Price Eyes $2,163 Target as Double Bottom Completes on Daily Chart

July 15, 2026
Get Informed

Subscribe to Updates

Get the latest creative news From Free.cc directly in your Inbox!

  • Contact
  • Privacy Policy
  • Terms & Conditions
  • Disclosure
© 2026 free.cc - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.