06/69 Tuesday, January 6, 2026
Cybersecurity researchers have identified a new information-stealing malware strain called VVS Stealer, developed in Python and heavily obfuscated using the PyArmor tool to evade security detection. The malware has been sold on Telegram since April 2025 at prices starting as low as €10 (approximately USD 11), and is primarily designed to target Discord accounts as well as data stored in Chromium-based and Firefox browsers, including cookies, browsing history, and saved passwords.
Once installed, the malware establishes persistence by placing itself in the Startup folder, ensuring it runs automatically whenever the system boots. It also displays a fake “Fatal Error” pop-up to make victims believe the behavior is caused by a normal system issue. One of its most notable capabilities is Discord injection—the malware forcefully terminates the running Discord process and downloads a JavaScript payload that intercepts authentication tokens and account data via the Chrome DevTools protocol.
The danger of VVS Stealer lies in its combination of Python’s ease of use with advanced obfuscation techniques, making detection and reverse engineering significantly more difficult. Additional reports indicate that threat actors are using administrator credentials stolen by infostealers to compromise enterprise systems and leverage them as launch points for chained malware distribution, such as ClickFix campaigns, further amplifying the scale and stealth of the infections.
Source https://thehackernews.com/2026/01/new-vvs-stealer-malware-targets-discord.html
