Credential Leaks Intelligence
Infostealer malware campaigns (Lumma, RedLine, Vidar, StealC), combo list releases on dark web forums, credential stuffing operations, and enterprise exposure reports.
Credential Leaks — Archive & Latest
Interlock, Rhysida & RaaS Ecosystems: Credential Harvesting, AI-Driven Typosquatting, and Novel C2 Techniques — OTX Pulse Analysis
5 OTX pulses reveal active RaaS (INC, Rhysida), AI-typosquatting (SmartRAT), and Teams-relay (DragonForce) campaigns. Urgency: High.
Rhysida, INC RaaS, and SmartRAT: OTX Pulse Analysis — Multi-Vector Credential Theft Ecosystem
Surge in Rhysida/INC RaaS and SmartRAT via Steam/Teams. High urgency credential theft & ransomware activity detected.
DragonForce, Gremlin, and Steam-Based Vidar: OTX Pulse Analysis — Enterprise Detection Pack
DragonForce abuses MS Teams for C2. Steam wallpapers deliver Vidar/Lumma. Gremlin stealer evolves. Credential theft volume high.
Interlock & DragonForce Campaign: C2 Obfuscation via MSTeams and Stealer Delivery
Urgent: Active credential harvesting by Interlock, DragonForce, and Gremlin actors using MSTeams relays, Steam Workshop, and packed payloads.
Interlock, Rhysida, and DragonForce: OTX Pulse Analysis — Multi-Vector Infostealer & Ransomware Detection Pack
OTX pulses reveal active infostealer and ransomware campaigns (Rhysida, Gremlin, DragonForce) via Steam, Teams, and trojanized installers. Urgent hunting required.
Rhysida, Gremlin & Lumma Infostealers: Multi-Vector Credential Theft Campaigns — OTX Pulse Analysis
Active credential theft campaigns leveraging Steam Workshop supply chain, trojanized installers, and ransomware precursors.
Operational Alert: Interlock, Rhysida, and UNC6240 Campaigns — Gremlin Stealer & Critical Exploit Detection Pack
Active campaigns from Hive0163, Rhysida, and UNC6240 involving Gremlin stealer, zero-day exploits on Cisco/Oracle, and credential theft. Urgency: Critical.
Interlock, Rhysida & Gremlin Stealer: Converging Ransomware and Infostealer Operations — OTX Pulse Analysis
Active campaigns by Hive0163/Rhysida and Gremlin Stealer targeting credentials via trojanized installers. ShinyHunters exploiting Oracle zero-day.
Rise of AI-Themed Credential Theft & Sophisticated Infostealers: Gremlin, Lumma, SilabRAT Analysis — Enterprise Detection Pack
OTX pulses reveal surge in AI-branded social engineering, resource-based obfuscation, and new MaaS RATs targeting credentials.
Gremlin, SilabRAT & AI-Themed Stealers: OTX Pulse Analysis — Credential Theft & Supply Chain Threat Pack
Active campaigns using Gremlin Stealer, SilabRAT, and AI-themed phishing targeting credentials via supply chain and malvertising. High Urgency.
Gremlin Stealer, SilabRAT, and PyPI Supply Chain Attacks: OTX Pulse Analysis
Multi-vector credential theft campaign involving AI-themed phishing, malicious Python packages, and evolved info-stealers targeting enterprises.
Vidar, SilabRAT & PyPI Supply Chain Attack: Dark Web Credential Theft Surge
Credential theft via AI impersonation, TikTok tutorials, and malicious Python packages. Urgent detection required.
Vidar, SilabRAT & PyPI Supply Chain Attacks: Multi-Vector Credential Theft Campaign Analysis
AI-themed lures, PyPI supply chain attacks, and TikTok social engineering drive Vidar and SilabRAT infections. Urgency: High.
Vidar, Lumma, and SilabRAT: Multi-Vector Credential Theft Campaigns via AI Lures & Supply Chains
OTX Pulse: Vidar/Lumma stealers spreading via AI lures & TikTok; SilabRAT MaaS targeting crypto; Cisco SD-WAN exploits active. (High Urgency)
Operation AI Bait & Crypto MaaS: Vidar, SilabRAT, and Needle Campaign Analysis — OTX Pulse Intelligence
Active infostealer campaigns leveraging AI hype, TikTok, and PyPI to distribute Vidar, SilabRAT, and Needle. High urgency for credential defense.
Vidar, SilabRAT & Needle C2: Multi-Vector Credential Theft Campaigns Targeting Devs and End Users
Active infostealer campaigns (Vidar, SilabRAT) using AI phishing, TikTok tutorials, and malicious PyPI packages. Urgency: High.
Storm-3075, SilabRAT, and AI-Themed Infostealers: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns using AI phishing, TikTok tutorials, and PyPI supply chain attacks deploy Vidar, SilabRAT, and RustyStealer to steal credentials.
AI-Themed Phishing, MaaS Crypto-Stealers, and PyPI Worms: OTX Pulse Analysis — Enterprise Detection Pack
Surge in infostealers (Vidar, SilabRAT) via AI-branded lures and supply chain attacks targeting finance and tech sectors.
Storm-3075 AI Hype & SilabRAT MaaS: Multi-Vector Infostealer Surge & PyPI Supply Chain Compromise
Critical surge in infostealer campaigns (Vidar, Lumma, SilabRAT) leveraging AI hype, TikTok tutorials, and PyPI supply chains for credential theft.
Storm-3075, SilabRAT, and Needle: Multi-Vector Infostealer Campaigns Leveraging AI Hype and Supply Chains
OTX Pulse Analysis: Credential theft surge via AI scams, TikTok tutorials, and crypto-stealers. Block Vidar, SilabRAT, and Needle IOCs immediately.
SilabRAT MaaS, AI Brand Impersonation, and PyPI Supply Chain Attacks: Credential Theft Campaigns — OTX Pulse Analysis
Active Infostealer & C2 campaigns (SilabRAT, Vidar, Needle) use AI phishing, malicious PyPI wheels, and social media to steal crypto & credentials.
AI-Themed Infostealers & Supply Chain Attacks: Storm-3075, SilabRAT, and PyPI Worms — Detection Engineering
Active campaigns using AI lures (Vidar/Lumma) and malicious PyPI packages (Hades) targeting credentials and crypto. Immediate action required.
Lumma Stealer, Vidar, and SilabRAT Credential Harvesting Campaigns: OTX Pulse Analysis & Detection Engineering
OTX Pulses reveal active credential theft campaigns via AI social engineering, malicious PyPI packages, and MaaS platforms targeting finance & tech.
Storm-3075 & SilabRAT: AI Lures & Supply Chain Worms — OTX Pulse Detection Pack
Storm-3075 and SilabRAT MaaS campaigns target finance/tech via AI lures and malicious packages, deploying Vidar, Lumma, and RustyStealer.
Infostealer Ecosystem & Supply Chain Compromise: Storm-3075, TroyDen, and Hades Worms
Active credential theft campaigns leveraging AI lures, malicious PyPI/npm packages, and game trojanizers. Urgent detection required.
Lumma Stealer, Vidar & Supply Chain Worms: OTX Pulse Analysis — Multi-Vector Credential Theft Campaigns
Storm-3075 & supply chain actors exploit AI hype & dev tools for infostealer deployment. Urgent blocking and credential hygiene required.
Multi-Vector Credential Theft Campaigns: Lumma, Vidar, and Supply Chain Attacks — Enterprise Detection Pack
Multiple campaigns using AI-themed lures, supply chain attacks, and credential theft targeting enterprise sectors.
TroyDen AI Lures & Argamal RAT: OTX Analysis of Credential Theft Campaigns
Active infostealer surge detected: TroyDen's AI-generated GitHub lures, Argamal COM hijacking, and GriefLure APT targeting. Critical attention required.
TroyDen Lure Factory & Argamal RAT: OTX Pulse Analysis — Infostealer & Credential Theft Detection Pack
OTX pulses reveal large-scale infostealer and RAT campaigns targeting devs, gamers, and telcos using AI lures and COM hijacking.
TroyDen AI-Lures & Argamal RAT: Multi-Vector Credential Theft & TDS Ecosystem Analysis
Active campaigns seeding GitHub and fake repos with Redline/Lumma; PAN-OS zero-day exploited. Critical credential theft risk.
Operation GriefLure & TroyDen Factory: APT & Infostealer Swarm Analysis
APT espionage in SE Asia and global infostealer campaigns via GitHub & game installers. Immediate credential audit advised.
TroyDen, Argamal & GriefLure: Multi-Vector Infostealer & RCE Campaign Analysis
AI-generated GitHub lures, fake game RATs, and PAN-OS exploits target devs & APAC. Immediate credential checks required.
Redline, Lumma, and Argamal: A Multivector Infostealer Assault on Developers and Gamers — OTX Pulse Analysis
Active campaigns utilizing AI-generated GitHub lures, COM hijacking in game installers, and TDS ecosystems to steal credentials via Redline and Lumma.
Argamal RAT, RemusStealer, and Operation GriefLure: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal credential theft campaigns (Argamal, RemusStealer), macOS ClickFix, and critical PAN-OS zero-day exploitation.
Argamal RAT, RemusStealer & macOS ClickFix: Multi-Vector Credential Harvesting — OTX Pulse Analysis
Active campaigns distributing Argamal, RemusStealer, and AMOS via fake dev tools, hentai games, and macOS ClickFix lures. High risk of credential theft.
Argamal RAT, RemusStealer & ClickFix: Multi-Platform Credential Theft Campaigns
OTX analysis reveals Argamal RAT and RemusStealer campaigns targeting telecom/healthcare via COM hijacking and TDS.
Gamaredon GammaSteel & Argamal: Surge in Multi-Vector Infostealer Campaigns
OTX Pulse: Active campaigns utilizing GammaSteel, Remus, and Argamal steal credentials via TDS, COM hijacking, and ClickFix lures.
Gamaredon GammaSteel, Argamal RAT, and Remus Stealer: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns: Gamaredon GammaSteel, Argamal RAT, and Remus Stealer exploiting TDS and COM hijacking for credential theft. High threat level.
Remus Stealer & Gamaredon GammaSteel: OTX Pulse Analysis — Credential Theft & RAT Campaigns
Active infostealer campaigns (Remus, Argamal, GammaSteel) target credentials via browser bypass, COM hijacking, and Phone Link exploitation. Urgency: High.
ClickFix, Argamal, and UAT-8302: A Surge in Infostealers, RATs, and APT Tooling — OTX Pulse Analysis
OTX pulses reveal active campaigns deploying ClickFix, Argamal, and UAT-8302 malware, targeting credentials and government entities with RATs and stealers.
Multi-Vector Credential Theft: ClickFix, Argamal, and CloudZ Pheno Analysis — OTX Pulse Intelligence Pack
Active campaigns utilizing fake tools, game mods, and Phone Link exploitation to steal credentials. High-risk detection update.
ClickFix, Argamal, CloudZ, and UAT-8302: OTX Pulse Analysis — Multi-Vector Credential Theft & APT Detection Pack
Active OTX pulses reveal ClickFix, Argamal, and UAT-8302 campaigns. Urgent credential theft threats via social engineering and TDS.
ClickFix, LofyStealer, and JINX-0164: OTX Pulse Analysis on Emerging Infostealer & Supply Chain Threats
Active campaigns involving ClickFix, LofyStealer, and crypto-dev targeting JINX-0164. Includes supply chain attacks on npm packages. High urgency.
ClickFix, LofyStealer & JINX-0164: Multi-Vector Infostealer & Supply Chain Assault — OTX Pulse Analysis
OTX pulses flag aggressive infostealer campaigns (ClickFix, LofyStealer), NPM supply chain attacks (Shai-Hulud), and OAuth abuse (Kali365). Action now.
Supply Chain Assault & Credential Harvesting: ClickFix, LofyStealer, JINX-0164, Kali365, and Shai-Hulud Campaigns — Enterprise Detection Pack
Multiple credential theft campaigns targeting cloud infrastructure and users via supply chain, social engineering, and OAuth abuse. Critical urgency.
Critical Infostealer Surge: ClickFix, LofyStealer, and NPM Supply Chain Attacks Targeting Cloud & Gaming Sectors
Active campaigns exploit social engineering and npm supply chains (CastleStealer, Shai-Hulud) to harvest credentials and cloud keys. Urgent hunting required.
Multi-Vector Infostealer Surge: ClickFix, LofyStealer & npm Supply Chain Attacks — OTX Pulse Analysis
OTX pulses highlight active credential theft campaigns via ClickFix social engineering, LofyStealer game mods, and npm package compromise. High urgency.
ClickFix, Ghost Stadium & EtherHiding: Analysis of Multi-Vector Credential Theft Campaigns
Active infostealer campaigns (LofyStealer, Vidar, CastleStealer) target gaming, crypto, and sports sectors via social engineering and smart contract C2.
ClickFix, Ghost Stadium & JINX-0164: Multi-Vector Credential Harvesting Analysis
OTX pulses reveal active credential theft campaigns via ClickFix, Ghost Stadium, and blockchain C2. Urgent detection rules included.
Credential Harvesting Evolved: ClickFix, LofyStealer & Ghost Stadium Campaigns — OTX Pulse Analysis
Active infostealer campaigns (ClickFix, LofyStealer) using fake tools, gaming lures, and FIFA phishing to steal credentials; high urgency.
Showing 50 of 189 reports. Archive expands automatically as new intel is generated.
Every Credential Leaks Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.