From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

Don’t have an account? Sign up > Try our antivirus with a free, full-featured 14-day trial Protect your team’s devices and data – no IT skills needed Explore award-winning endpoint security for your business We’ve uncovered multiple campaigns distributing an infostealer we track as NWHStealer, using everything from fake VPN downloads to hardware utilities and gaming mods. What makes this campaign stand out isn’t just the malware, but how widely and convincingly it’s being spread. Once installed, it can collect browser data, saved passwords, and cryptocurrency wallet information, which attackers may use to access accounts, steal funds, or carry out further attacks. We detected multiple campaigns using different platforms and lures to distribute NWHStealer. The stealer is loaded and executed in several ways, such as self-injection or injection into other processes like RegAsm (Microsoft’s

Source: https://www.malwarebytes.com/blog/threat-intel/2026/04/from-fake-proton-vpn-sites-to-gaming-mods-this-windows-infostealer-is-everywhere