I'm really intrigued by what we're seeing in security research lately β€” Fileless Phantom Stealer has this clever little infection chain that does its thing entirely in memory, which means it's not writing temp files to disk like most malware tries to hide out and get noticed by the AV scanners. What caught my eye is they didn't just stop at running fileless; they also packed on some anti-analysis techniques designed specifically to throw off both humans looking at screenshots of their systems and machines trying to detect them, which makes this thing even more sneaky than you'd expect from a credential stealer that operates above ground like it has nothing to hide. The browser credentials angle is where the real value comes in though β€” we've been watching browsers become these massive single points of failure with every login stored away for us, so if your favorite passwords and session tokens get plucked clean from Chrome or Firefox without ever leaving a footprint on disk, you might not even notice something stole them until someone starts making weird purchases. I find it fascinating that they're still finding novel ways to exploit the gaps between what AV software scans in memory versus scanning files β€” fileless doesn't mean invisible anymore but when combined with layered anti-analysis tricks like hooking functions and hiding from debuggers, these things can absolutely lurk under your nose while stealing everything worth having. Definitely worth checking out if you're running Windows (or any of the other targets they go after) since this stuff is actively happening in the wild right now; I've got my own machines patched but it's always nice to read up on what we might be dealing with when something like Phantom Stealer hits your browser.

Source: https://www.darkreading.com/cyberattacks-data-breaches/fileless-phantom-stealer-targets-browser-credentials