Amatera Stealer is a malware family tracked across 6 threat clusters and 9 intelligence report mentions on ThreatCluster. First observed November 17, 2025; most recent activity July 17, 2026.
From late April to mid-June 2026, ACR Stealer, a malware-as-a-service operation, has ramped up its activity targeting enterprise users by stealing browser credentials, session tokens, and sensitive documents. The attack…
The InstallFix campaign targets users by creating fake installation pages for Anthropic's Claude AI, tricking them into executing malware. This sophisticated social engineering tactic exploits the growing reliance on AI…
A newly identified variant of ACRStealer is actively being deployed by HijackLoader, utilizing advanced techniques to evade detection and maximize data theft. This variant employs low-level syscall evasion, AFD-based…
Cybercriminals are exploiting fake download pages that impersonate Claude Code, a legitimate AI coding assistant, to distribute infostealer malware. Developers and IT professionals are particularly at risk as they may…
The EVALUSION and SmartApeSG campaigns are utilizing the ClickFix technique to deploy the Amatera Stealer and NetSupport Remote Access Trojan (RAT). These campaigns target various organizations, exploiting…
The EVALUSION and SmartApeSG campaigns utilize the ClickFix technique to deploy the Amatera Stealer and NetSupport RAT. These campaigns target various organizations, leveraging vulnerabilities to execute malicious…