Amatera Stealer Malware — Analysis, Campaigns & Threat Activity

Threat entity extracted from intelligence sources

Frequency
9
occurrences
First Seen
November 17, 2025
Last Seen
July 17, 2026

Amatera Stealer is a malware family tracked across 6 threat clusters and 9 intelligence report mentions on ThreatCluster. First observed November 17, 2025; most recent activity July 17, 2026.

Related Threat Clusters

Recent Intelligence Reports

  • ACR Stealer Uses ClickFix, WebDAV, and Steganography to Steal Browser Credentials and Tokens — Gbhackers · July 17, 2026
  • InstallFix Uses Fake Claude Code Pages to Deliver Malware | Let's Data Science — Letsdatascience · May 5, 2026
  • New ACRStealer Variant Uses Syscall Evasion, TLS C2 and Secondary Payload Delivery — Cybersecuritynews · March 16, 2026
  • Phony Claude Code Install Guides Trick Vibe Coders Into Installing Malware — Uk.Pcmag · March 6, 2026
  • Fake installation pages Claude Code spreads infostealer — Techzine.Eu · March 6, 2026
  • Fake Claude Code install guides push infostealers in InstallFix attacks — Bleepingcomputer · March 6, 2026
  • New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT — Thehackernews · November 17, 2025
  • EVALUSION Campaign Using ClickFix Technique to deploy Amatera Stealer and NetSupport RAT — Cybersecuritynews · November 17, 2025

CVSS v3.1 Breakdown