Skip to main content
Mallory
Back to malware
Malware

Warp Stealer

Warp Stealer is a Go-based information-stealing malware and a Stealerium-derived offshoot/fork. The provided content describes it as overlapping significantly in code and features with other Stealerium descendants, including Phantom Stealer. It is also referenced in connection with a variant called "Warp AVKiller." High-confidence details in the content indicate that Warp Stealer is part of the broader infostealer ecosystem and is associated through code lineage with Stealerium-based malware development. The content does not provide a full standalone capability profile for Warp Stealer itself, but it explicitly identifies it as an information stealer and a Stealerium offshoot. No specific infection vector, target sector, threat actor attribution, or unique indicators of compromise are directly provided for Warp Stealer beyond these relationships.

Share:
For your environment

Hunt this family in your stack

Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.

Start free trial
ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app
codebyNews
Jun 9, 2026
Phantom Stealer MaaS - разбор инфостилера Phantom Project

A stealer fork mentioned as sharing significant code overlap with Phantom Stealer and Stealerium.

Read more
the hacker newsNews
Sep 6, 2025
Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign

Warp Stealer is an information stealer related to Stealerium and Phantom Stealer, used to collect sensitive information from victims.

Read more
symantec blogNews
Feb 6, 2026
Black Basta: Defense Evasion Capability Embedded in Ransomware Payload | SECURITY.COM

Go-based information-stealing malware referenced as the broader threat family from which Warp AVKiller is derived.

Read more
symantec blogNews
Feb 6, 2026
Black Basta: Defense Evasion Capability Embedded in Ransomware Payload | SECURITY.COM

Go-based information-stealing malware family referenced as the basis for Warp AVKiller (a variant used primarily for security bypass).

Read more
+2 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets match these IOCs, which detections are missing, which campaigns to expect next, and what to do in the next 30 minutes.
Start free trial
IOC matching

Match every observed IP, domain, and hash against your live telemetry.

Threat actor attribution

Named campaigns wielding this family, with evidence pinned to each claim.

Exploited vulnerabilities

CVEs this family uses for access and lateral movement.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

MITRE ATT&CK mapping

Every documented technique, ranked by evidence weight.

Researcher chatter

Reddit, Mastodon, and CTI community discussion around this family.