The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool.

“Recent campaigns in June 2025 demonstrate GIFTEDCROOK’s enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and browser secrets,” Arctic Wolf Labs said in a report published this week.

“This shift in functionality, combined with the content of its phishing lures, […] suggests a strategic focus on intelligence gathering from Ukrainian governmental and military entities.”