Researchers detailed two separate malware operations that rely on stealth and in-memory execution to steal credentials and maintain remote access. One campaign targeted Roblox exploit users with a trojanized executor branded as Yuta/Solara, presenting a polished .NET WPF interface with AI-themed features while silently deploying a PyInstaller-packed Python 3.12 stealer linked to the Glove Stealer family. The malware harvested browser credentials, Roblox cookies, developer secrets, MetaMask vaults, Discord tokens, and Google account artifacts, while using AMSI and ETW patching, Windows Defender tampering, AppLocker evasion, persistence mechanisms, and Discord webhooks for exfiltration.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
Researchers described a Lazarus campaign targeting financial institutions and cryptocurrency organizations with a largely memory-resident malware framework composed of DPAPILoader, RemotePELoader, and RemotePE. The report said the final payload is an in-memory RAT designed to reduce forensic visibility while enabling command execution, file access, and process management.
A research report documented a multi-stage malware campaign targeting Roblox exploit users with a trojanized executor that deploys a PyInstaller-packed Python stealer derived from the Glove Stealer family. The analysis detailed credential theft, Discord webhook exfiltration, persistence, and multiple Chrome App-Bound Encryption bypass techniques.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
malware.news
Open sourcederp.ca
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.