Lucid Stealer Malware Targets 18 Browsers and Crypto Wallets
Severity: High (Score: 66.0)
Sources: Cybersecuritynews, Gbhackers
Published: · Updated:
Keywords: lucid, stealer, browsers, crypto, wallets, discord, tokens
Severity indicators: ot, stealer
Summary
A new variant of the Lucid Stealer malware has been identified, capable of targeting 18 different browsers, cryptocurrency wallets, and Discord tokens. This malware, which functions as both an information stealer and a remote access Trojan (RAT), is distributed through Telegram-linked underground channels. Unlike typical malware, it is packaged as a legitimate Node.js Single Executable Application (SEA), making detection challenging. Cybersecurity experts warn that it can gain full control over infected machines, significantly increasing the risk of data theft. The malware's capabilities extend beyond simple credential theft, indicating a sophisticated threat landscape. Current reports suggest that the malware is actively being disseminated, raising alarms among security professionals. Organizations using affected browsers and wallets are advised to enhance their security measures. Key Points: • Lucid Stealer targets 18 browsers and crypto wallets, posing a significant threat. • The malware is distributed via Telegram, packaged as a legitimate Node.js application. • It can take full control of infected machines, indicating advanced capabilities.
Detailed Analysis
**Impact** The malware targets users of 18 different web browsers, various cryptocurrency wallets, and Discord tokens, putting stored credentials and digital assets at risk. The scope includes individuals and organizations using these platforms globally, with potential operational disruption due to unauthorized remote access. No specific sectors or geographic regions were detailed in the sources. **Technical Details** Lucid Stealer is distributed via underground Telegram-linked channels as a Node.js Single Executable Application (SEA) embedding a JavaScript loader and a Lucid-branded information stealer combined with a remote access trojan (RAT). It enables credential theft and full machine control, affecting Windows systems. No CVEs or specific infrastructure details were provided. Indicators of compromise (IOCs) were not disclosed. **Recommended Response** Defenders should monitor for suspicious Node.js SEA files and unusual remote access activity on Windows endpoints. Implement credential protection measures for browsers, crypto wallets, and Discord tokens. Block known Telegram-linked threat actor channels if possible. No patch or specific detection signatures were mentioned; continuous monitoring for anomalous behavior is advised.
Source articles (2)
- Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens — Gbhackers · 2026-06-08
A new, fully featured Lucid Stealer build that combines large-scale credential theft with hidden remote access. The sample, distributed through Telegram-linked underground channels, is not a simple pa… - New Lucid Stealer Targets 18 Browsers, Crypto Wallets, and Discord Tokens With Hidden Remote Access — Cybersecuritynews · 2026-06-08
A newly identified piece of Windows malware is raising serious concerns among cybersecurity professionals for its wide reach and unusually deep set of capabilities. Discovered through underground chan…
Timeline
- 2026-06-08 — Lucid Stealer malware identified: A new variant of Lucid Stealer was discovered, targeting multiple browsers and crypto wallets, raising security concerns.
- 2026-06-08 — Malware distribution method revealed: The malware is being distributed through underground channels linked to Telegram, complicating detection efforts.
Related entities
- Malware (Attack Type)
- Lucid Stealer (Malware)
- T1003 - OS Credential Dumping (Mitre Attack)
- T1059.007 - JavaScript (Mitre Attack)
- Node.js (Tool)
- Windows (Platform)