What is StormKitty Stealer 2025?
StormKitty is a malware-as-a-service (MaaS) information stealer that first emerged in underground hacking forums in late 2024. It is distributed via cracked software, phishing emails, fake game cracks, and malicious ads.
Key Features of StormKitty Stealer 2025
1. Credential Theft
- Extracts saved passwords from browsers (Chrome, Firefox, Edge, Brave).
- Steals FTP, VPN, and email client credentials (Outlook, Thunderbird).
- Log Windows login credentials via memory scraping.
2. Cryptocurrency & NFT Theft
- Targets MetaMask, Exodus, Trust Wallet, and Binance Chain Wallet.
- Steals private keys, seed phrases, and wallet.dat files.
- Monitors the clipboard for crypto addresses (swaps the victim’s address with the attacker’s).
3. Browser Session Hijacking
- Steals cookies & session tokens (allowing account takeovers).
- Bypasses two-factor authentication (2FA) by hijacking active sessions.
- Target social media, banking, and cloud storage logins.
4. System & Network Data Collection
- Gathers IP address, geolocation, installed software, and hardware specs.
- Extracts Wi-Fi passwords for lateral network movement.
- Checks for virtual machines (VMs) & sandboxes to evade analysis.
5. Anti-Detection & Evasion Techniques
- Code obfuscation
- Delayed execution
- Process hollowing
- Disables Windows Defender & other AVs
6. Additional Payloads (Optional)
- Ransomware module
- Keylogger
- Discord token grabber