https://hexpysya.github.io/tags/infostealer/Recent content in Infostealer on bubka hacks stuffHugo -- gohugo.ioen-usTue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-fakegpt/Tue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-fakegpt/A malicious Chrome extension masquerading as ChatGPT uses anti analysis checks, hooks Facebook login forms, and acts as a keylogger, exfiltrating AES encrypted data via pixel tracking.https://hexpysya.github.io/investigations/cdef-lockdown/Tue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-lockdown/An attacker performed SYN port scanning against an IIS server, enumerated open SMB shares, uploaded a webshell to the Documents share, triggered a reverse shell on port 4443, and established persistence via AgentTesla dropped into the Startup folder, which exfiltrated data via SMTP to cp8nl.hyperhost.ua.https://hexpysya.github.io/blue_team/ld-lumma-stealer---dll-side-loading-via-click-fix-phishing/Tue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-lumma-stealer---dll-side-loading-via-click-fix-phishing/A Click Fix phishing email impersonating Microsoft lured Dylan into visiting a malicious site, which executed a disguised PowerShell command launching mshta.exe to download Lumma Stealer payload from overcoatpassably.shop. The host was contained before confirmed data exfiltration.