Scans for browser extensions and desktop files related to MetaMask, Binance, Phantom, and Atomic Wallet.
Change all passwords (starting with email and finance) from a different, clean device.
The malware communicates with a remote server using encrypted HTTP POST requests. It sends a compressed .zip or .7z file containing the stolen data to the attacker’s C2 infrastructure.
Steals saved passwords, credit card info, and autofill data from Chrome, Edge, and Firefox.