What started as a low-profile browser data thief has now morphed into one of the most dangerous pieces of malware in the wild. GIFTEDCROOK, once known for stealing cookies and credentials, has leveled up into a highly targeted surveillance tool for malicious parties and nefarious war schemes.
This isn’t your average piece of malware anymore. Security researchers have uncovered newer versions, labeled 1.2 and 1.3, that go beyond snatching passwords. The upgraded GIFTEDCROOK now digs into your system for sensitive files. PDFs, spreadsheets, images, even VPN configs are not safe. It focuses on documents under 7 MB and filters them by date, snatching anything modified in the last 45 days. This is no accident. It’s strategic and laser-focused.
How does it get in? Through emails disguised as official military documents. The moment someone enables Excel macros, the malware drops and begins harvesting data silently. Once collected, the files are zipped and exfiltrated using Telegram bots. If the bundle is too big, GIFTEDCROOK splits it into parts, evading detection like a digital ninja.
Security experts are sounding the alarm. This isn’t just about stolen passwords anymore. With access to VPN settings, sensitive internal documents, and browsing history, this malware now holds the keys to high-level intel.
And it’s not done evolving.
GIFTEDCROOK’s new features include advanced file scanning, stealth encryption with XOR ciphers, and modular data exfiltration systems. Using Telegram for data transfer adds another layer of complexity, keeping it under the radar of traditional security tools.
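For defenders, the Telegram-bot exfiltration and the split archives described above can be hunted in egress logs. The sketch below is an added example, not code from the researchers or from the malware: the log format, host and process names, allowlist and thresholds are all assumptions, and `api.telegram.org` is Telegram's public Bot API host.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BOT_API_HOSTS = {"api.telegram.org"}      # Telegram Bot API endpoint
ALLOWED_PROCESSES = {"telegram.exe"}      # assumption: sanctioned clients only
MIN_UPLOAD_BYTES = 100_000                # assumption: ignore small API chatter
BURST_WINDOW = timedelta(minutes=10)      # assumption: window for split archives
BURST_PARTS = 3                           # assumption: parts that make a burst

# Constructed sample records: time, host, process, destination, bytes sent.
SAMPLE_LOG = """\
2025-06-20T09:14:02 WS-041 telegram.exe api.telegram.org 2400000
2025-06-20T09:15:40 WS-017 updater.exe api.telegram.org 6900000
2025-06-20T09:16:05 WS-017 updater.exe api.telegram.org 6900000
2025-06-20T09:16:31 WS-017 updater.exe api.telegram.org 3100000
2025-06-20T09:20:00 WS-017 chrome.exe www.example.com 900000
2025-06-20T11:02:10 WS-030 notify.exe api.telegram.org 1200
2025-06-20T13:45:00 WS-052 backup.exe api.telegram.org 450000
"""

def parse(log_text):
    """Yield (timestamp, host, process, destination, bytes_sent) per line."""
    for line in log_text.strip().splitlines():
        ts, host, proc, dest, sent = line.split()
        yield datetime.fromisoformat(ts), host, proc.lower(), dest.lower(), int(sent)

def find_suspect_uploads(log_text):
    """Report non-allowlisted processes that upload data to the Bot API."""
    uploads = defaultdict(list)
    for ts, host, proc, dest, sent in parse(log_text):
        if (dest in BOT_API_HOSTS and proc not in ALLOWED_PROCESSES
                and sent >= MIN_UPLOAD_BYTES):
            uploads[(host, proc)].append((ts, sent))
    findings = []
    for (host, proc), events in sorted(uploads.items()):
        events.sort()
        best = start = 0
        for end in range(len(events)):    # sliding window over upload times
            while events[end][0] - events[start][0] > BURST_WINDOW:
                start += 1
            best = max(best, end - start + 1)
        findings.append({"host": host, "process": proc, "uploads": len(events),
                         "bytes": sum(size for _, size in events),
                         "chunked": best >= BURST_PARTS})
    return findings

if __name__ == "__main__":
    for finding in find_suspect_uploads(SAMPLE_LOG):
        print(finding)
```

A `chunked` finding marks several large uploads from one process inside the window, the pattern an oversized archive sent in parts would leave.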
What’s next? No one knows for sure. But one thing is clear: GIFTEDCROOK has graduated from petty cybercrime to full-scale digital espionage. And if you’re in defense, policy, or critical infrastructure, you might already be a target.