Gremlin Stealer is a newly emerged infostealer malware written in C#, first advertised in March 2025 via the CoderSharp Telegram channel. According to a technical report by Palo Alto Networks' Unit 42, this malware is under active development but already capable of exfiltrating a broad spectrum of sensitive data from Windows systems. It targets browsers, clipboards, local files, hardware metadata, crypto wallets, FTP and VPN credentials, as well as Steam, Discord, and Telegram session data. Notably, it can bypass Chrome cookie V20 protection and exfiltrates stolen data to a fixed server (207.244.199[.]46) and via a Telegram bot using a hardcoded API key. Collected data is stored in plain text, zipped, and uploaded. The associated portal currently hosts ZIP archives of victim data, which can be downloaded or deleted—demonstrating how the malware combines functionality with active data monetization features.

‍