Threat Research

A large-scale malware campaign leveraged AI-driven “vibe coding” to generate malicious code components, lowering the barrier for threat actors to create and distribute malware. The campaign used hundreds of malicious ZIP files impersonating popular software—such as AI tools, game mods, and utilities—to deliver multiple variants of the WinUpdateHelper.dll payload....

Pakistan-linked threat actor APT36 (Transparent Tribe) has shifted to an AI-assisted malware development model known as “vibeware,” generating large volumes of disposable implants using niche programming languages such as Nim, Zig, and Crystal to evade traditional detection....

Arkanix Stealer is an actively developed credential-stealing malware promoted mainly on Discord, where its operators advertise frequent updates and new features. Originally written in Python, the malware has evolved to include a C++ “Premium” version with expanded theft capabilities such as VPN and Steam accounts, screenshots, and Wi-Fi credentials....

This article presents a technical analysis of the VVS stealer (also known as VVS $tealer), focusing on its obfuscation and evasion techniques. Written in Python, the malware targets Discord users by exfiltrating credentials and authentication tokens. VVS stealer was actively developed and advertised for sale on Telegram as early as April 2025....

On October 6, 2025, the developer “Loadbaks” released Vidar Stealer v2.0 on underground forums. The malware was rewritten entirely in C, improving speed and efficiency through a multithreaded architecture. Its launch coincided with a decline in Lumma Stealer activity, driving threat actors toward Vidar and StealC....