The IT Nerd

Researchers have discovered a new infostealer dubbed Shuyal Stealer, a browser-targeted malware strain that steals login credentials from 19 different web browsers, widening its scope beyond popular platforms like Chrome and Edge. It also takes a more invasive approach by conducting deep system reconnaissance collecting granular details about disk drives, input peripherals, and display setups while capturing screenshots and clipboard contents. All of this, including Discord tokens, is funneled out through a Telegram bot infrastructure, making Shuyal a highly efficient and stealthy data-exfiltration tool.

More details can be found here: https://www.pointwild.com/threat-intelligence/shuyal-stealer-advanced-infostealer-targeting-19-browsers

Davit Asatryan, VP of Research at Spin.AI, provided the following comments:

“We’ve seen a major increase in browser-level risks recently, indicating an emerging trend. It makes an attractive threat vector because it’s often an afterthought for security teams. It’s essential to keep an eye on this, as it’s only a matter of time before these attacks start cascading into serious SaaS compromises.”

If you’re concerned about a plug in or something similar sneaking its way onto your browser, this article can help you to stay safe: Uninstall or Disable Plugins to Make Your Browser More Secure

This entry was posted on October 9, 2025 at 1:32 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.