GitHub pages serve Braodo Version 2, A Python based Stealer 19 May
  • By Gurumoorthi
  • stealer, python_obfuscation, braodo, telegram_bot

We observed a threat actor leveraging GitHub repositories to execute Braodo Stealer, a sophisticated Python-based stealer. The author hosted all the Python packages needed to run the stealer within the GitHub repository. The infection layers included a byte order mark (BOM), used as a type of obfuscator designed to make the victim believe it is a Chinese file.

Websites poisoned with Fake Captcha Leading to Lumma Stealer 29 Apr
  • By Mageshwaran B
  • phishing, lummastealer, fakecaptcha, amsi_bypass

Since Q1 2025, we have found a threat actor injecting Cloudflare-themed fake CAPTCHAs into legitimate sites, leading to a LummaStealer drop. The malware author used various obfuscation and encryption methods to evade detection by AV vendors.