{"id":216781,"date":"2025-06-28T10:10:54","date_gmt":"2025-06-28T15:10:54","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/06\/giftedcrook-malware-evolves-from-browser-stealer-to-intelligence-gathering-tool"},"modified":"2025-06-28T10:10:54","modified_gmt":"2025-06-28T15:10:54","slug":"giftedcrook-malware-evolves-from-browser-stealer-to-intelligence-gathering-tool","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/06\/giftedcrook-malware-evolves-from-browser-stealer-to-intelligence-gathering-tool","title":{"rendered":"GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/giftedcrook-malware-evolves-from-browser-stealer-to-intelligence-gathering-tool2.jpg\"><\/a><\/p>\n<p>The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool.<\/p>\n<p>\u201cRecent campaigns in June 2025 demonstrate GIFTEDCROOK\u2019s enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and browser secrets,\u201d Arctic Wolf Labs <a href=\"https:\/\/arcticwolf.com\/resources\/blog\/giftedcrook-strategic-pivot-from-browser-stealer-to-data-exfiltration-platform\/\" rel=\"noopener\" target=\"_blank\">said<\/a> in a report published this week.<\/p>\n<p>\u201cThis shift in functionality, combined with the content of its phishing lures, [\u2026] suggests a strategic focus on intelligence gathering from Ukrainian governmental and military entities.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool. \u201cRecent campaigns in June 2025 demonstrate GIFTEDCROOK\u2019s enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,9],"tags":[],"class_list":["post-216781","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-military"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/216781","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=216781"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/216781\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=216781"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=216781"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=216781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}