WitchLogger.zip

It targets Chrome, Firefox, and Edge to extract saved passwords and session cookies.

Frequently distributed via phishing emails containing the .zip archive, often disguised as an invoice, shipping document, or software update.

Disconnect the infected machine from the network immediately.

The stolen data is bundled and sent to a Command and Control (C2) server, often using HTTP POST requests or via a Telegram bot API for stealth.